CVE-2014-8765

Published Oct 14, 2014

Last updated 3 months ago

CVSS info 4.3

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFE66FA2-888B-47CE-B866-4CF71E9D5BAB",
            "versionEndIncluding": "6.x-2.16"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1943FFBB-E321-45E0-BC7A-76C41136DA71"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBD857F2-F595-405B-97D8-F0508E233605"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8EED650-FD9F-4E93-BD87-08FC2B063DE1"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "734044E8-D495-4D93-A1C6-8A6D2F06F616"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF1FAD85-0AF2-498E-8F77-185408B419DB"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8B85E06-1E04-4D2D-B670-645A7577E87D"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53A24AA0-843F-4749-8C54-D71E9C537457"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "115D197D-0A3D-42C6-A51E-5706B61ABAAA"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54A1B26C-2A92-4B85-BA18-6A28C9EF8312"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC2FB82B-4EB9-4651-BB1D-4DBFA83A45DF"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F044D7F-E05F-4477-90B5-9A584AF5CE11"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D602B3CB-005F-405B-BBDF-2198C1C7939F"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2047366E-FD7E-4460-8421-FAE0BF4E5F7A"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "292ABE80-D65D-4C79-A129-A9D02AC0C3E1"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "054D40AB-8434-41ED-9DA3-2E1CFE350A15"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.12:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51F7A915-0500-4D59-B41F-28C564476128"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.12:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B239A62-3D21-4A9E-BB0A-A61A8A1B62D8"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB27AF00-FF67-4279-9461-9BC0395A4880"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9035F2EF-B2E0-4C47-9AD1-514AE6FBD28F"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A37F3F95-07EA-4914-85D4-36D30659E832"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC5C4CDB-FF89-4F56-AA7C-C02EDBC2561B"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDE448B8-0D1A-4B4D-92F7-B122411C1C55"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "531637CD-8A8B-4329-A3E8-E0C3B2D818F9"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E134D081-61FA-49FD-953E-C92519DD0495"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC517275-42B6-44BF-9A60-BB1F4223BDA3"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.15:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB16CC61-AEE1-4ACD-BC2F-B76DA8202D24"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.15:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F669810-0B21-4765-B1A7-C077708E53A7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References