CVE-2015-4373

Cross-site scripting (XSS) vulnerability in the OG tabs module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes posted in an Organic Groups group.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/73054
https://www.drupal.org/node/2404115	Patch
https://www.drupal.org/node/2450427	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:og_tabs_project:og_tabs:*:*:*:*:*:drupal:*:*

History

No history.

Information

Published : 2015-06-15 14:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-4373

Mitre link : CVE-2015-4373

CVE.ORG link : CVE-2015-4373

JSON object : View

Products Affected

og_tabs_project

og_tabs

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3.5 /10