CVE-2013-7064

Published Apr 29, 2014

Last updated 3 months ago

CVSS info 2.1

Overview

Description: Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:*:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AFB40B8-5599-46D5-8142-8A251841ED90",
            "versionEndIncluding": "7.x-1.11"
          },
          {
            "criteria": "cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.0:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF0A0C18-5BB7-4DC6-AEFB-CE59FA6275FC"
          },
          {
            "criteria": "cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.1:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE07F943-50BB-4D55-92D3-61373AB59D11"
          },
          {
            "criteria": "cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.2:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5567DEE3-FCD9-4AB0-9453-B52D04FFD1BE"
          },
          {
            "criteria": "cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.6:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D30D39C-8E0C-4AC3-A1FF-7FFB0AD41D47"
          },
          {
            "criteria": "cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.7:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3FCE9FF-20A6-4EA2-A4EF-FC7D8AA2396F"
          },
          {
            "criteria": "cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.8:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40C7C051-35ED-44A6-A26C-32036BA8D772"
          },
          {
            "criteria": "cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.9:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB1EDE2E-002E-4F48-970E-961BE94AA36F"
          },
          {
            "criteria": "cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.10:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DA10457-F8BE-40AF-8F5B-D822BABD7EB1"
          },
          {
            "criteria": "cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.x:dev:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "827030C0-51FE-4E8F-92B3-52B42B875662"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References