Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2197

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2015-2197
Last Modified 04 Mar 2015 02:13:23
Published 03 Mar 2015 02:59:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2015-2197

Summary

Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.

Vulnerable Systems

Application

  • Entity Api Project Entity Api 7.x-1.5


References

MISC - https://www.drupal.org/node/2437905

CONFIRM - https://www.drupal.org/node/2437885

BID - 72806


Last Updated: 27 May 2016 11:07:58