CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-3369

Cross-site scripting (XSS) vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a term name in a block.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.9%

CVSS Severity

CVSS v2 Score 3.5

References

http://www.openwall.com/lists/oss-security/2015/01/29/6
http://www.securityfocus.com/bid/74274
https://www.drupal.org/node/2409767
https://www.drupal.org/node/2409769
https://www.drupal.org/node/2411573
http://www.openwall.com/lists/oss-security/2015/01/29/6
http://www.securityfocus.com/bid/74274
https://www.drupal.org/node/2409767
https://www.drupal.org/node/2409769
https://www.drupal.org/node/2411573

Products affected by CVE-2015-3369

Taxonews Project » Taxonews » Version: 6.x-1.1

cpe:2.3:a:taxonews_project:taxonews:6.x-1.1
Taxonews Project » Taxonews » Version: 7.x-1.0

cpe:2.3:a:taxonews_project:taxonews:7.x-1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-3369

Products

Pricing

Contact Us