Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9505

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2014-9505
Last Modified 12 Jan 2015 02:11:11
Published 09 Jan 2015 01:59:08
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-9505

Summary

Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title.

Vulnerable Systems

Application

  • School Administration Project School Administration 7.x-1.0

  • School Administration Project School Administration 7.x-1.1

  • School Administration Project School Administration 7.x-1.4

  • School Administration Project School Administration 7.x-1.5

  • School Administration Project School Administration 7.x-1.6

  • School Administration Project School Administration 7.x-1.7


References

MISC - https://www.drupal.org/node/2395015

CONFIRM - https://www.drupal.org/node/2391119

XF - schooladmin-drupal-cve20149505-xss(99654)

MLIST - [oss-security] 20150103 Re: CVE requests: Drupal contributed modules

MLIST - [oss-security] 20150103 CVE requests: Drupal contributed modules


Last Updated: 27 May 2016 11:07:30