mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
232 lines
8.8 KiB
JSON
232 lines
8.8 KiB
JSON
{
|
|
"id": "CVE-2014-8320",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2014-10-17T14:55:03.267",
|
|
"lastModified": "2017-09-08T01:29:22.450",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the \"Label text\" field to the results configuration page."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de XSS en el m\u00f3dulo para Drupal Custom Search 6.x-1.x anterior a 6.x-1.12 y 7.x-1.x anterior a 7.x-1.14 permite a atacantes remotos autenticados con determinados permisos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo 'texto de la etiqueta' ('Label text') en la p\u00e1gina de configuraci\u00f3n de resultados."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.5
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 6.8,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.0:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "30CDB9FE-323D-49B5-A4DA-A6DC791D3BD5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.1:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "256FB26A-4012-4D12-A6AE-39077C91A2D1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.2:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "05ACC523-BD97-4D93-8E05-FE9E21FFB77E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.3:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "F098EF14-882E-4A8B-94BE-F19288849163"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.4:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "F3A27C0A-5331-4D0F-977A-552DBBC32261"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.5:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "95778785-08AC-4DE6-99EA-DABB210EC347"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.6:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "37C14BAF-8580-444A-8931-198F8A3991FA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.7:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "94172A1F-BD28-4C54-A570-3306B769A2A2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.8:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "177FD1D2-C192-4C80-8444-1D0FB4A1BA53"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.9:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "E394DAEF-D7CE-4C03-A8DC-A09D642D6F79"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.10:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "5004F026-7AEF-45F5-B743-893E787966B0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.11:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "579E2A1D-20A4-4086-9DDB-E059468553B8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.0:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "8872BFCE-E2F0-4905-A213-4585FDFFD889"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.1:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "AE28554F-126A-46DA-8E9E-8D6C6019D0B6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.2:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "11F5380E-33E9-4035-9E0C-5AB3FCE8ED31"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.3:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "14BAABB2-F791-4D21-9FCA-CC64FC8C5527"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.4:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "79339759-0AE1-4C2A-AF32-C439D2DAE749"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.5:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "564B5A49-3E18-48C3-8F2C-1751AB92177D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.6:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "9229B989-68FD-4727-9AE6-E9D7F44BC62D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.7:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "2B5E3BA5-9ADB-44B5-AD9C-6C8D383BB429"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.8:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "7CC08018-D0AA-4D40-AD6E-3176999D8A86"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.9:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "6C4B03D5-0B57-426E-AF68-73BB50A6910C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.10:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "49DA2410-EEAD-410E-BF22-FE48AEC1C9D1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.11:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "2B1FEA61-20BB-4232-8783-5598C6175F68"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.12:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "60AC31AB-FC3E-4EFE-9F82-766563E17BFC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.13:*:*:*:*:drupal:*:*",
|
|
"matchCriteriaId": "64832BA9-5E18-42A6-AA61-F4EF7FE7BFDB"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://seclists.org/fulldisclosure/2014/Apr/41",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://drupal.org/node/2231665",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92347",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://www.drupal.org/node/2231531",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.drupal.org/node/2231533",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
}
|
|
]
|
|
} |