CVE-2014-9498

Published Jan 9, 2015

Last updated 10 years ago

CVSS info 3.5

Overview

Description: Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web script or HTML via a node title.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:webform_invitation_project:webform_invitation:7.x-1.0:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52677727-0684-43B3-A6A3-83BA0F8B498A"
          },
          {
            "criteria": "cpe:2.3:a:webform_invitation_project:webform_invitation:7.x-1.1:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA618326-F092-434F-A408-4DC1BF3642E7"
          },
          {
            "criteria": "cpe:2.3:a:webform_invitation_project:webform_invitation:7.x-1.2:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9C8A9FF-AACB-48B7-B063-1FD71269BDF3"
          },
          {
            "criteria": "cpe:2.3:a:webform_invitation_project:webform_invitation:7.x-2.0:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD9D4604-BC0A-4932-823B-9339130E3299"
          },
          {
            "criteria": "cpe:2.3:a:webform_invitation_project:webform_invitation:7.x-2.1:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "098A3B33-09D6-4C94-A003-B950A5C19CE9"
          },
          {
            "criteria": "cpe:2.3:a:webform_invitation_project:webform_invitation:7.x-2.2:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7DB0242-437C-4A3C-B8D5-22400DCAD050"
          },
          {
            "criteria": "cpe:2.3:a:webform_invitation_project:webform_invitation:7.x-2.3:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0E4296F-3323-4448-9294-E44F48D4FE0F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References