CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-4378

Cross-site scripting (XSS) vulnerability in the Crumbs module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "Administer Crumbs" permission to inject arbitrary web script or HTML via a custom breadcrumb separator.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.2%

CVSS Severity

CVSS v2 Score 2.1

References

http://www.openwall.com/lists/oss-security/2015/04/25/6
https://www.drupal.org/node/2458675
https://www.drupal.org/node/2459315
http://www.openwall.com/lists/oss-security/2015/04/25/6
https://www.drupal.org/node/2458675
https://www.drupal.org/node/2459315

Products affected by CVE-2015-4378

Crumbs Project » Crumbs » Version: 7.x-2.0

cpe:2.3:a:crumbs_project:crumbs:7.x-2.0
Crumbs Project » Crumbs » Version: 7.x-2.1

cpe:2.3:a:crumbs_project:crumbs:7.x-2.1
Crumbs Project » Crumbs » Version: 7.x-2.2

cpe:2.3:a:crumbs_project:crumbs:7.x-2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-4378

Products

Pricing

Contact Us