CVE-2014-7870
Published Oct 6, 2014
Last updated 10 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via the "Label text" field to admin/config/search/custom_search/results.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:6.x-1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF092DFE-D858-4D53-96B8-09C8EAE62395"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:6.x-1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F650CC3-B2FA-4DDF-93D1-728C592498B0"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:6.x-1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "434918EF-24A0-4AFB-9AC5-8C5B81DEE24D"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:6.x-1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D46BE99-16F8-4335-95C6-984359366D54"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:6.x-1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "652F0546-00A5-4C74-BE8B-13F0C5205B90"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:6.x-1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9E6EF58-24CD-4065-85F9-C09A4BD5923D"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:6.x-1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB1433ED-F731-48C6-9A78-3A459F3EC7F9"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:6.x-1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5ED92031-F86D-49EA-BC94-479074F15714"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:6.x-1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "359F0376-C40B-4C7A-8372-81F43394A23D"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:6.x-1.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A824973-A8CB-4F95-A529-B442A0390994"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:6.x-1.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7B7FF75-056C-47A9-B69E-3CC39307A423"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:6.x-1.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B643BF49-7662-4A8D-9CB1-EAA3758E54CC"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4BCAF1F-04B4-4656-B289-231F9AEEF688"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09D993DC-B476-436D-B9D5-E3317A25B22A"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93F2D264-2567-4412-9419-F2D2128D3923"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40090A7F-113B-4C39-B325-BAA772D527AF"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81D2E71A-5F17-4554-B08C-EFED07857D75"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "835B1970-66D4-45E7-BED1-3524B612A905"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BEE3CFD0-40B0-4C97-B433-EC9F67413CCA"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F89A456-A597-44F9-A86D-CDB52885A085"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2CB07EA7-58FC-48BB-8AA7-CE71AF22F389"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D3CAB8E-DA65-4DE1-9AF8-9B2FAD2684BA"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5BE09E8-8FA7-4367-884D-EA2DB21F87EA"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50439FA6-56DB-4EF9-A596-0FAB0F997FF6"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "459018E6-5971-4DEA-B2A4-915ADCE55847"
},
{
"criteria": "cpe:2.3:a:drupal:custom_search_module:7.x-1.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2B98F67-89C0-44D7-AD1C-99393EAF585B"
}
],
"operator": "OR"
}
]
}
]