CVE-2014-8747

Published Oct 13, 2014

Last updated 3 months ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:commons:7.x-3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBDAD421-A8BB-4BDD-84FA-CA98DD18973B"
          },
          {
            "criteria": "cpe:2.3:a:drupal:commons:7.x-3.3:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5CD112B-4199-4D9D-ACDD-D5093C51D4E2"
          },
          {
            "criteria": "cpe:2.3:a:drupal:commons:7.x-3.3:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D300A85C-1E69-4F7B-8B33-D6BD825C9F40"
          },
          {
            "criteria": "cpe:2.3:a:drupal:commons:7.x-3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CBA0623-D4B0-49F0-8194-D9058C34E063"
          },
          {
            "criteria": "cpe:2.3:a:drupal:commons:7.x-3.4:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECC83E3C-0338-468A-8F51-54A50CCC5895"
          },
          {
            "criteria": "cpe:2.3:a:drupal:commons:7.x-3.4:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D93A9CB2-35DA-40C2-9A32-19CCFD885AD0"
          },
          {
            "criteria": "cpe:2.3:a:drupal:commons:7.x-3.4:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B80E638C-42FB-40C6-A788-945664703936"
          },
          {
            "criteria": "cpe:2.3:a:drupal:commons:7.x-3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B69C84-7B64-405B-94C1-86BAADD9F067"
          },
          {
            "criteria": "cpe:2.3:a:drupal:commons:7.x-3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "334E0AC2-2D73-4435-BA15-7166C6895126"
          },
          {
            "criteria": "cpe:2.3:a:drupal:commons:7.x-3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20867997-61A3-4F2E-A8D2-75FE8494FD47"
          },
          {
            "criteria": "cpe:2.3:a:drupal:commons:7.x-3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8739524-681B-411A-94B5-4B90915B88EB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References