Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Hyperlink | Source | Resource |
|---|---|---|
| http://osvdb.org/94234 | secalert@redhat.com | N/A |
| http://seclists.org/fulldisclosure/2013/Jun/94 | secalert@redhat.com | N/A |
| https://drupal.org/node/2017639 | secalert@redhat.com | N/A |
| https://drupal.org/node/2017641 | secalert@redhat.com | N/A |
| https://drupal.org/node/2017933 | secalert@redhat.com | Vendor Advisory |
| http://osvdb.org/94234 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://seclists.org/fulldisclosure/2013/Jun/94 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://drupal.org/node/2017639 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://drupal.org/node/2017641 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://drupal.org/node/2017933 | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |