Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9500

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-9500
Last Modified 12 Jan 2015 02:09:14
Published 09 Jan 2015 01:59:06
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-9500

Summary

Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback.

Vulnerable Systems

Application

  • Moip Project Moip 7.x-1.0

  • Moip Project Moip 7.x-1.1

  • Moip Project Moip 7.x-1.2

  • Moip Project Moip 7.x-1.3


References

MISC - https://www.drupal.org/node/2390849

CONFIRM - https://www.drupal.org/node/2390699

MLIST - [oss-security] 20150103 Re: CVE requests: Drupal contributed modules

MLIST - [oss-security] 20150103 CVE requests: Drupal contributed modules


Last Updated: 27 May 2016 11:07:30