Vulnerability Details CVE-2013-0259
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.5%
CVSS Severity
CVSS v2 Score 2.1
References
- http://drupal.org/node/1897016
- http://drupal.org/node/1903300
- http://drupalcode.org/project/boxes.git/commitdiff/456ff8e
- http://www.openwall.com/lists/oss-security/2013/02/05/1
- http://www.securityfocus.com/bid/57642
- http://drupal.org/node/1897016
- http://drupal.org/node/1903300
- http://drupalcode.org/project/boxes.git/commitdiff/456ff8e
- http://www.openwall.com/lists/oss-security/2013/02/05/1
- http://www.securityfocus.com/bid/57642
Products affected by CVE-2013-0259
-
cpe:2.3:a:boxes_project:boxes:7.x-1.0
-
cpe:2.3:a:boxes_project:boxes:7.x-1.x
-
cpe:2.3:a:drupal:drupal:-