NVD

Id
25244  
Name
CVE-2015-3390  
Description
Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.  
Reject
 
CVSS Version
2  
CVSS Score
3.5  
Severity
Low  
CVSS Base Score
3.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-04-21  
Modified Date
2016-12-05  
Seq
2015-3390  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
133520 25244 CVE-2015-3390 [oss-security] 20150205 CVE requests for Drupal contributed modules  View
133521 25244 CVE-2015-3390 72570  View
133522 25244 CVE-2015-3390 drupal-facebookalbumfetcher-xss(100655)  View
133523 25244 CVE-2015-3390 https://www.drupal.org/node/2420161  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
7138 JVNDB-2015-002458 Drupal 用 Facebook Album Fetcher モジュールにおけるクロスサイトスクリプティングの脆弱性 Drupal 用 Facebook Album Fetcher モジュールには、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2015-3390 80615 CVE-2015-3390 25244 3.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-002458.html 2015-02-04 2015-04-24 View