Cross site scripting

2014-01-3018:55:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.3%

JSON

Cross-site scripting (XSS) vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field.

CPENameOperatorVersion
anonymous_postingeq7.120.12
anonymous_postingeq7.120.13

CPE	Name	Operator	Version
	anonymous_posting	eq	7.120.12
	anonymous_posting	eq	7.120.13

References

osvdb.org/102126

packetstormsecurity.com/files/124803/Drupal-Anonymous-Posting-7.x-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2014/Jan/77

secunia.com/advisories/56476

drupal.org/node/2173321

drupal.org/node/2173437

exchange.xforce.ibmcloud.com/vulnerabilities/90526