2.1
CVE-2014-9740
- EPSS 0.21%
- Veröffentlicht 06.07.2015 15:59:05
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2) description strings in a confirmation form for a triggering Rules link.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rules Link Project ≫ Rules Link Version7.x-1.0 SwPlatformdrupal
Rules Link Project ≫ Rules Link Version7.x-1.0 Updatebeta1 SwPlatformdrupal
Rules Link Project ≫ Rules Link Version7.x-1.0 Updatebeta2 SwPlatformdrupal
Rules Link Project ≫ Rules Link Version7.x-1.0 Updatebeta3 SwPlatformdrupal
Rules Link Project ≫ Rules Link Version7.x-1.0 Updatebeta4 SwPlatformdrupal
Rules Link Project ≫ Rules Link Version7.x-1.0 Updatebeta5 SwPlatformdrupal
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.403 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:N/AC:H/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.