Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 2.1 | LOW | AV:N/AC:H/Au:S/C:N/I:P/A:N |
| CWE ID | Type | Source |
|---|---|---|
| CWE-79 | Primary | nvd@nist.gov |
| Hyperlink | Source | Resource |
|---|---|---|
| http://www.debian.org/security/2013/dsa-2804 | secalert@redhat.com | N/A |
| http://www.openwall.com/lists/oss-security/2013/11/22/4 | secalert@redhat.com | N/A |
| https://drupal.org/SA-CORE-2013-003 | secalert@redhat.com | Patch Vendor Advisory |
| http://www.debian.org/security/2013/dsa-2804 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.openwall.com/lists/oss-security/2013/11/22/4 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://drupal.org/SA-CORE-2013-003 | af854a3a-2127-422b-91ae-364da2661108 | Patch Vendor Advisory |