← Volver a CVEs
CVE-2013-4275
MEDIUM5.4
Descripcion
Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the breadcrumb separator field.
Detalles CVE
Puntuacion CVSS v3.15.4
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado11/13/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
zen_project:zen
Debilidades (CWE)
CWE-79
Referencias
http://seclists.org/fulldisclosure/2013/Aug/226(secalert@redhat.com)
http://www.madirish.net/?article=452(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2013/08/22/2(secalert@redhat.com)
http://www.securityfocus.com/bid/61922(secalert@redhat.com)
https://drupal.org/node/2071055(secalert@redhat.com)
https://drupal.org/node/2071065(secalert@redhat.com)
https://drupal.org/node/2071157(secalert@redhat.com)
https://drupal.org/node/754000(secalert@redhat.com)
http://seclists.org/fulldisclosure/2013/Aug/226(af854a3a-2127-422b-91ae-364da2661108)
http://www.madirish.net/?article=452(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2013/08/22/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/61922(af854a3a-2127-422b-91ae-364da2661108)
https://drupal.org/node/2071055(af854a3a-2127-422b-91ae-364da2661108)
https://drupal.org/node/2071065(af854a3a-2127-422b-91ae-364da2661108)
https://drupal.org/node/2071157(af854a3a-2127-422b-91ae-364da2661108)
https://drupal.org/node/754000(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.