Vulnerability Details CVE-2013-7064
Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.5%
CVSS Severity
CVSS v2 Score 2.1
References
- http://www.openwall.com/lists/oss-security/2013/12/06/7
- http://www.openwall.com/lists/oss-security/2013/12/12/1
- https://drupal.org/node/2139875
- https://drupal.org/node/2140123
- http://www.openwall.com/lists/oss-security/2013/12/06/7
- http://www.openwall.com/lists/oss-security/2013/12/12/1
- https://drupal.org/node/2139875
- https://drupal.org/node/2140123
Products affected by CVE-2013-7064
-
cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.0
-
cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.1
-
cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.10
-
cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.11
-
cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.2
-
cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.6
-
cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.7
-
cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.8
-
cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.9
-
cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.x