CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-4387

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a crafted username that is imported from an external source.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.3%

CVSS Severity

CVSS v2 Score 2.6

References

Products affected by CVE-2015-4387

Password Policy Project » Password Policy » Version: 6.x-1.0

cpe:2.3:a:password_policy_project:password_policy:6.x-1.0
Password Policy Project » Password Policy » Version: 6.x-1.1

cpe:2.3:a:password_policy_project:password_policy:6.x-1.1
Password Policy Project » Password Policy » Version: 6.x-1.10

cpe:2.3:a:password_policy_project:password_policy:6.x-1.10
Password Policy Project » Password Policy » Version: 6.x-1.2

cpe:2.3:a:password_policy_project:password_policy:6.x-1.2
Password Policy Project » Password Policy » Version: 6.x-1.3

cpe:2.3:a:password_policy_project:password_policy:6.x-1.3
Password Policy Project » Password Policy » Version: 6.x-1.4

cpe:2.3:a:password_policy_project:password_policy:6.x-1.4
Password Policy Project » Password Policy » Version: 6.x-1.5

cpe:2.3:a:password_policy_project:password_policy:6.x-1.5
Password Policy Project » Password Policy » Version: 6.x-1.6

cpe:2.3:a:password_policy_project:password_policy:6.x-1.6
Password Policy Project » Password Policy » Version: 6.x-1.7

cpe:2.3:a:password_policy_project:password_policy:6.x-1.7
Password Policy Project » Password Policy » Version: 6.x-1.8

cpe:2.3:a:password_policy_project:password_policy:6.x-1.8
Password Policy Project » Password Policy » Version: 6.x-1.9

cpe:2.3:a:password_policy_project:password_policy:6.x-1.9
Password Policy Project » Password Policy » Version: 7.x-1.0

cpe:2.3:a:password_policy_project:password_policy:7.x-1.0
Password Policy Project » Password Policy » Version: 7.x-1.1

cpe:2.3:a:password_policy_project:password_policy:7.x-1.1
Password Policy Project » Password Policy » Version: 7.x-1.10

cpe:2.3:a:password_policy_project:password_policy:7.x-1.10
Password Policy Project » Password Policy » Version: 7.x-1.2

cpe:2.3:a:password_policy_project:password_policy:7.x-1.2
Password Policy Project » Password Policy » Version: 7.x-1.3

cpe:2.3:a:password_policy_project:password_policy:7.x-1.3
Password Policy Project » Password Policy » Version: 7.x-1.4

cpe:2.3:a:password_policy_project:password_policy:7.x-1.4
Password Policy Project » Password Policy » Version: 7.x-1.5

cpe:2.3:a:password_policy_project:password_policy:7.x-1.5
Password Policy Project » Password Policy » Version: 7.x-1.6

cpe:2.3:a:password_policy_project:password_policy:7.x-1.6
Password Policy Project » Password Policy » Version: 7.x-1.7

cpe:2.3:a:password_policy_project:password_policy:7.x-1.7
Password Policy Project » Password Policy » Version: 7.x-1.8

cpe:2.3:a:password_policy_project:password_policy:7.x-1.8
Password Policy Project » Password Policy » Version: 7.x-1.9

cpe:2.3:a:password_policy_project:password_policy:7.x-1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-4387

Products

Pricing

Contact Us