CVE-2011-2714
CVSS Score: 6.1 (Medium)
Vulnerability Description
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
CVSS Metrics
Common Vulnerability Scoring System
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Attack Vector: N
- Attack Complexity: L
- Privileges Required: N
- User Interaction: R
- Scope: C
- Confidentiality: L
- Integrity: L
- Availability: N
Known Affected Software
2 configuration(s) from 1 vendor(s)
- drupal
  Version: 6.20
  CPE: cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*
- data
  Version: 6.x-1.0
  CPE: cpe:2.3:a:drupal:data:6.x-1.0:alpha14:*:*:*:*:*:*
This vulnerability affects 2 software configuration(s). Ensure you patch all affected systems.
References & Resources
- https://seclists.org/fulldisclosure/2011/Feb/219 (source: secalert@redhat.com; Mailing List, Third Party Advisory)
- https://www.drupal.org/node/1056470 (source: secalert@redhat.com; Vendor Advisory)
- https://www.openwall.com/lists/oss-security/2011/07/26/8 (source: secalert@redhat.com; Mailing List, Third Party Advisory)
Severity Details
6.1 out of 10.0 (Medium)
Weakness Type (CWE)
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Top 25 #1
- Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
- Exploit Likelihood: High
- Typical Severity: Medium
- OWASP Top 10: A03:2021-Injection
- Abstraction Level: Base
Key Information
- Published Date: January 14, 2020
