CVE-2013-0323

Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/1922424	Patch
http://drupal.org/node/1922430	Patch
http://drupal.org/node/1922438	Patch Vendor Advisory
http://drupalcode.org/project/ds.git/commitdiff/45d490e	Patch
http://drupalcode.org/project/ds.git/commitdiff/665c791	Patch
http://drupalcode.org/project/ds.git/commitdiff/90bcd8f	Patch
http://www.openwall.com/lists/oss-security/2013/02/21/5

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:display_suite_project:ds:7.x-1.0:::::::*
	cpe:2.3:a:display_suite_project:ds:7.x-1.0:alpha1::::::
	cpe:2.3:a:display_suite_project:ds:7.x-1.0:alpha2::::::
	cpe:2.3:a:display_suite_project:ds:7.x-1.0:rc2::::::
	cpe:2.3:a:display_suite_project:ds:7.x-1.0:rc3::::::
	cpe:2.3:a:display_suite_project:ds:7.x-1.1:::::::*
	cpe:2.3:a:display_suite_project:ds:7.x-1.2:::::::*
	cpe:2.3:a:display_suite_project:ds:7.x-1.3:::::::*
	cpe:2.3:a:display_suite_project:ds:7.x-1.4:::::::*
	cpe:2.3:a:display_suite_project:ds:7.x-1.5:::::::*
	cpe:2.3:a:display_suite_project:ds:7.x-1.6:::::::*
	cpe:2.3:a:display_suite_project:ds:7.x-1.x:dev::::::
	cpe:2.3:a:display_suite_project:ds:7.x-2.0:::::::*
	cpe:2.3:a:display_suite_project:ds:7.x-2.0:beta1::::::
	cpe:2.3:a:display_suite_project:ds:7.x-2.0:beta2::::::
	cpe:2.3:a:display_suite_project:ds:7.x-2.0:beta3::::::
	cpe:2.3:a:display_suite_project:ds:7.x-2.0:rc1::::::
	cpe:2.3:a:display_suite_project:ds:7.x-2.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-03-27 21:55

Updated : 2013-04-04 04:00

NVD link : CVE-2013-0323

Mitre link : CVE-2013-0323

CVE.ORG link : CVE-2013-0323

JSON object : View

Products Affected

display_suite_project

ds

drupal

drupal

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2013-0323", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-03-27T21:55:02.320", "references": [{"url": "http://drupal.org/node/1922424", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://drupal.org/node/1922430", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://drupal.org/node/1922438", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://drupalcode.org/project/ds.git/commitdiff/45d490e", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://drupalcode.org/project/ds.git/commitdiff/665c791", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://drupalcode.org/project/ds.git/commitdiff/90bcd8f", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5", "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field."}, {"lang": "es", "value": "Ejecuci\u00f3n de secuencias de comandos en sitios cruzados(XSS) en el m\u00f3dulo Display Suite de v7.x-1.x antes v7.x-1.7 y v7.x-2.x antes v7.x-2.1 para Drupal que permite a atacantes remotos inyectar web script o HTML a trav\u00e9s del campo de autor."}], "lastModified": "2013-04-04T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E3B11D4-53DF-4DEC-9679-4803AF3068D6"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-1.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CF0BD24-DCD4-44EC-92E5-C894D3A5F99A"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-1.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CE092A2-3DC0-4649-8BF8-1BE67907617D"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-1.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4AC6C11-865E-41E9-A054-C48945F6E415"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-1.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C487601D-F8D6-43FC-9D07-F15975E6F0EA"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD301AE3-B204-463E-8045-9D65D4DC7692"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E0BFD5F-6BBE-4DEA-91E9-12D5A6C7FDD0"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EEEC8F-A82B-402A-8F9F-D4B6FE1F54CE"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3F2AC2A-DE5D-442D-8205-3A3219C3F4ED"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E3F16AB-434C-413F-9D20-53D69B512FDD"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF26D282-20D3-491E-94CB-AEA06D9B3AE5"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-1.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EFE7BCD-90F5-4C63-B0AA-9BA583C87156"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAD970F3-FC6B-46F5-810D-FD3213B28511"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-2.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C31DA198-406A-4A16-87FE-3A9D08974DA9"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-2.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08242D07-3ABB-4D0E-BE2C-5CCE18B0F40C"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-2.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F41D7D1-E95D-4738-B3B0-4DD15B3C39A2"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-2.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "721D6964-B671-4169-8BF0-537981FCE970"}, {"criteria": "cpe:2.3:a:display_suite_project:ds:7.x-2.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4EA28D0-A8B8-4507-BA86-04ED16C69840"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}