CVE-2013-1783

Published Mar 27, 2013

Last updated 3 months ago

CVSS info 2.1

Overview

Description: Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:devsaran:business:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C29CC0CD-8E6A-4874-A39E-0BBDA9A256CE",
            "versionEndIncluding": "7.x-1.8"
          },
          {
            "criteria": "cpe:2.3:a:devsaran:business:7.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E4E2182-5682-4D08-9CD6-2DDCE2B9252C"
          },
          {
            "criteria": "cpe:2.3:a:devsaran:business:7.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3297EE35-5AD1-4965-BB38-2628D2E84B1C"
          },
          {
            "criteria": "cpe:2.3:a:devsaran:business:7.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D143287E-42A8-4432-A6DC-2F90F6D8117E"
          },
          {
            "criteria": "cpe:2.3:a:devsaran:business:7.x-1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65297589-0D14-4428-9ED5-E8AD11F08183"
          },
          {
            "criteria": "cpe:2.3:a:devsaran:business:7.x-1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E10E97E7-4F7B-4175-8D94-63BCA57A6382"
          },
          {
            "criteria": "cpe:2.3:a:devsaran:business:7.x-1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9903EA88-D2C9-42F6-AC82-C386B5204838"
          },
          {
            "criteria": "cpe:2.3:a:devsaran:business:7.x-1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6403AC50-1827-43A3-BBDA-1DDA01A823E2"
          },
          {
            "criteria": "cpe:2.3:a:devsaran:business:7.x-1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8A18A2A-784F-4C7E-8CDB-F18509D1D3E3"
          },
          {
            "criteria": "cpe:2.3:a:devsaran:business:7.x-1.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62EFFEF5-7175-499B-855B-0922959094EC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References