Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0181

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2013-0181
Last Modified 24 Oct 2014 02:45:04
Published 27 Mar 2013 05:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2013-0181

Summary

Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.

Vulnerable Systems

Application

  • Thomas Seidl Search Api 7.x-1.0

  • Thomas Seidl Search Api 7.x-1.1

  • Thomas Seidl Search Api 7.x-1.2

  • Thomas Seidl Search Api 7.x-1.3

  • Thomas Seidl Search Api 7.x-1.x


References

MISC - https://drupal.org/node/1884332

CONFIRM - https://drupal.org/node/1884076

MLIST - [oss-security] 20130114 Re: CVE request for Drupal contributed modules

CONFIRM - http://drupalcode.org/project/search_api.git/commitdiff/35b5728

XF - drupal-searchapi-unspecified-xss(81153)

BID - 57231

SECUNIA - 51806

OSVDB - 89117


Last Updated: 27 May 2016 11:02:08