CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2011-0771

The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 75.2%

CVSS Severity

CVSS v2 Score 6.8

References

http://drupal.org/node/1033154
http://osvdb.org/70623
http://secunia.com/advisories/42980
http://www.securityfocus.com/bid/45926
https://exchange.xforce.ibmcloud.com/vulnerabilities/64847
https://exchange.xforce.ibmcloud.com/vulnerabilities/64848
http://drupal.org/node/1033154
http://osvdb.org/70623
http://secunia.com/advisories/42980
http://www.securityfocus.com/bid/45926
https://exchange.xforce.ibmcloud.com/vulnerabilities/64847
https://exchange.xforce.ibmcloud.com/vulnerabilities/64848

Products affected by CVE-2011-0771

Drupal » Drupal » Version: N/A

cpe:2.3:a:drupal:drupal:-
Janrain » Rpx » Version: 6.x-1.3

cpe:2.3:a:janrain:rpx:6.x-1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-0771

Products

Pricing

Contact Us