Vulnerability CVE-2014-8378


Published: 2014-10-21

Description:
Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to the field help text in an entity edit form.

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Tablefield project -> Tablefield module 
Tablefield project -> Tablefield 
Drupal -> Tablefield module 

 References:
http://www.securityfocus.com/bid/69227
https://exchange.xforce.ibmcloud.com/vulnerabilities/95312
https://www.drupal.org/node/2320027
https://www.drupal.org/node/2320613

Copyright 2024, cxsecurity.com

 

Back to Top