CVE-2013-4447

Published Nov 1, 2013

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.0:-:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD5D0DB5-AD5C-49FD-87C5-5CDD7F7C4A3C"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta1:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95F57929-810C-49A7-A22C-F09FE4D38FB4"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta2:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD2B9296-07C4-44D7-9803-2CA2716AB6D7"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta3:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A80411F7-3C4E-4F55-88E5-D7A0E82DA339"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta4:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4836E1A8-FFF0-4617-9502-4ACEAFA74336"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta5:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0163A2E1-FBE5-4D70-A6FF-6E08254B4228"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc1:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7CF31D4-421A-423E-9C50-703BA0E89025"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc2:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C63AB0B5-0FB2-4A33-B9AA-05E2BD02D26B"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc3:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BEABC0D-E70D-4E55-B310-E22242E57146"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc4:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA28E43F-7F3B-4A76-91B0-4E177C205F6A"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc5:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41EFC4DE-515B-46D3-AFD7-7FEF60847C3B"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc6:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4604C594-19B2-44FB-A4B3-4DC1E51473DD"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.1:-:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DFA5D5B-018D-4D27-9C7E-BBBF82A5DA2F"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.2:-:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55E36DAC-8764-4241-BCB2-C063E043C31C"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.3:-:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06D28AE6-D255-473D-BD5D-1B66D435CD31"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.4:-:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BCB46B9-0C84-4948-9E3D-C9567080FA72"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:6.x-1.x:dev:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77989161-ED44-4BB0-AC65-8FF14A56A5D8"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:7.x-1.0:-:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A816628A-17DC-48B0-8839-16134810FF7E"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:7.x-1.0:alpha1:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E633D8C3-32E7-4B10-8408-1D0DA983E205"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:7.x-1.0:alpha2:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "940EF9D8-3A2E-4A91-A082-F095FFEDD4E3"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:7.x-1.0:beta1:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5212CB4A-1731-48D5-AFC9-DC6AFD884E6E"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:7.x-1.0:beta2:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7149EDCE-60C2-4EFB-86CB-C26DCAA938B9"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:7.x-1.0:rc1:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D0CFF91-51A3-4144-9926-9529AEA3C2CA"
          },
          {
            "criteria": "cpe:2.3:a:md-systems:simplenews:7.x-1.x:dev:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B64BA220-CDD5-411D-82E6-325F268F2EAE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References