Executive Summary

Informations
NameCVE-2013-1785First vendor Publication2013-03-27
VendorCveLast vendor Modification2013-03-28

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:S/C:N/I:P/A:N)
Cvss Base Score2.1Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityHigh
Cvss Expoit Score3.9AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1785

CWE : Common Weakness Enumeration

idName
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application6

Internal Sources (Detail)

SourceUrl
CONFIRMhttp://drupal.org/node/1730752
http://drupalcode.org/project/responsive.git/commitdiff/1c6fa91
http://drupalcode.org/project/responsive.git/commitdiff/6b593ff
MISChttp://drupal.org/node/1929508
MLISThttp://www.openwall.com/lists/oss-security/2013/02/28/3

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2013-05-10 22:30:00
  • Multiple Updates
2013-03-28 21:18:33
  • Multiple Updates
2013-03-28 13:18:41
  • First insertion