CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-5169

Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.4%

CVSS Severity

CVSS v2 Score 3.5

References

http://www.openwall.com/lists/oss-security/2014/07/31/2
http://www.openwall.com/lists/oss-security/2014/07/31/4
http://www.securityfocus.com/bid/68974
https://www.drupal.org/node/2311887
https://www.drupal.org/node/2312609
http://www.openwall.com/lists/oss-security/2014/07/31/2
http://www.openwall.com/lists/oss-security/2014/07/31/4
http://www.securityfocus.com/bid/68974
https://www.drupal.org/node/2311887
https://www.drupal.org/node/2312609

Products affected by CVE-2014-5169

Date Project » Date » Version: 7.x-2.7

cpe:2.3:a:date_project:date:7.x-2.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-5169

Products

Pricing

Contact Us