CVE-2014-8765
Published Oct 14, 2014
Last updated 10 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFE66FA2-888B-47CE-B866-4CF71E9D5BAB",
"versionEndIncluding": "6.x-2.16"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1943FFBB-E321-45E0-BC7A-76C41136DA71"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBD857F2-F595-405B-97D8-F0508E233605"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.02:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8EED650-FD9F-4E93-BD87-08FC2B063DE1"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.03:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "734044E8-D495-4D93-A1C6-8A6D2F06F616"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF1FAD85-0AF2-498E-8F77-185408B419DB"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.05:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8B85E06-1E04-4D2D-B670-645A7577E87D"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.06:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53A24AA0-843F-4749-8C54-D71E9C537457"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.07:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "115D197D-0A3D-42C6-A51E-5706B61ABAAA"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54A1B26C-2A92-4B85-BA18-6A28C9EF8312"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC2FB82B-4EB9-4651-BB1D-4DBFA83A45DF"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F044D7F-E05F-4477-90B5-9A584AF5CE11"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D602B3CB-005F-405B-BBDF-2198C1C7939F"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2047366E-FD7E-4460-8421-FAE0BF4E5F7A"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "292ABE80-D65D-4C79-A129-A9D02AC0C3E1"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "054D40AB-8434-41ED-9DA3-2E1CFE350A15"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.12:alpha1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51F7A915-0500-4D59-B41F-28C564476128"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.12:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B239A62-3D21-4A9E-BB0A-A61A8A1B62D8"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB27AF00-FF67-4279-9461-9BC0395A4880"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9035F2EF-B2E0-4C47-9AD1-514AE6FBD28F"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A37F3F95-07EA-4914-85D4-36D30659E832"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC5C4CDB-FF89-4F56-AA7C-C02EDBC2561B"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDE448B8-0D1A-4B4D-92F7-B122411C1C55"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "531637CD-8A8B-4329-A3E8-E0C3B2D818F9"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E134D081-61FA-49FD-953E-C92519DD0495"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC517275-42B6-44BF-9A60-BB1F4223BDA3"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.15:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB16CC61-AEE1-4ACD-BC2F-B76DA8202D24"
},
{
"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.15:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F669810-0B21-4765-B1A7-C077708E53A7"
}
],
"operator": "OR"
}
]
}
]