Vulnerability Details CVE-2014-8765
Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.7%
CVSS Severity
CVSS v2 Score 4.3
Products affected by CVE-2014-8765
- cpe:2.3:a:drupal:project_issue_file_review:*
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.00
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.01
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.02
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.03
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.04
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.05
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.06
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.07
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.10
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.12
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.13
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14
- cpe:2.3:a:drupal:project_issue_file_review:6.x-2.15