nvd-json-data-feeds/CVE-2015/CVE-2015-33xx/CVE-2015-3390.json

{
  "id": "CVE-2015-3390",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2015-04-21T18:59:12.407",
  "lastModified": "2017-09-08T01:29:50.403",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the \"access administration pages\" permission to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en el m\u00f3dulo Facebook Album Fetcher para Drupal permite a usuarios remotos autenticados con el permiso 'acceder a las p\u00e1ginas de administraci\u00f3n' inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.5
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:facebook_album_fetcher_project:facebook_album_fetcher:7.x-1.x-dev:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "1879F1EF-B396-47D1-AEA7-B06C543376F7"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.openwall.com/lists/oss-security/2015/02/05/16",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/72570",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100655",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://www.drupal.org/node/2420161",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}