CVE-2014-9363

Published Dec 10, 2014

Last updated 10 years ago

CVSS info 5.5

Overview

Description: Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.5
Impact score: 4.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:meta_tags_quick_project:meta_tags_quick:7.x-2.0:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AF4D079-4403-47D0-929D-80623D8ACB13"
          },
          {
            "criteria": "cpe:2.3:a:meta_tags_quick_project:meta_tags_quick:7.x-2.1:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90CD61B3-4917-473D-8153-6E861FA635B1"
          },
          {
            "criteria": "cpe:2.3:a:meta_tags_quick_project:meta_tags_quick:7.x-2.2:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5F59C22-2DE5-43CA-9944-25D6F8AD4359"
          },
          {
            "criteria": "cpe:2.3:a:meta_tags_quick_project:meta_tags_quick:7.x-2.3:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82814E75-07CA-4C58-9A16-35A415FFC314"
          },
          {
            "criteria": "cpe:2.3:a:meta_tags_quick_project:meta_tags_quick:7.x-2.4:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C6185E8-C9E9-441F-AB48-9EEF86759229"
          },
          {
            "criteria": "cpe:2.3:a:meta_tags_quick_project:meta_tags_quick:7.x-2.5:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C2136C2-5642-46A6-93A0-1779B18FFB3E"
          },
          {
            "criteria": "cpe:2.3:a:meta_tags_quick_project:meta_tags_quick:7.x-2.6:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BCA778E-987A-4992-B59A-AD25A66221FF"
          },
          {
            "criteria": "cpe:2.3:a:meta_tags_quick_project:meta_tags_quick:7.x-2.7:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2A1A611-C030-40C9-A527-E6543588F47B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References