Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-4336

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-4336
Last Modified 28 Apr 2014 03:32:53
Published 27 Apr 2014 06:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-4336

Summary

Cross-site scripting (XSS) vulnerability in the admin page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag name.

Vulnerable Systems

Application

  • Joachim Noreiko Flag Module 7.x-3.0


References

MISC - https://drupal.org/node/2076221

CONFIRM - https://drupal.org/node/2075287

MLIST - [oss-security] 20130911 Re: CVE request for Drupal contrib modules


Last Updated: 27 May 2016 11:05:06