NVD

Id
39826  
Name
CVE-2013-4174  
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-18  
Published
2013-08-19  
Modified Date
2013-08-20  
Seq
2013-4174  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
202602 39826 CVE-2013-4174 http://drupalcode.org/project/scald.git/commitdiff/32db1ee  View
202603 39826 CVE-2013-4174 20130724 [Security-news] SA-CONTRIB-2013-060 - Scald - Cross Site Scripting (XSS)  View
202604 39826 CVE-2013-4174 61426  View
202605 39826 CVE-2013-4174 scald-atomtitle-xss(85964)  View
202606 39826 CVE-2013-4174 https://drupal.org/node/2049251  View
202607 39826 CVE-2013-4174 https://drupal.org/node/2049415  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
22221 JVNDB-2013-003796 Drupal 用 scald モジュールにおけるクロスサイトスクリプティングの脆弱性 Drupal 用 scald モジュールには、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2013-4174 64116 CVE-2013-4174 39826 4.3 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-003796.html 2013-07-24 2013-08-21 View