CVE-2013-4174 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Ows	Scald

Configuration 1 [-]

AND

cpe:2.3:a:ows:scald:7.x-1.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupalcode.org/project/scald.git/commitdiff/32db1ee
http://osvdb.org/95625
http://seclists.org/fulldisclosure/2013/Jul/224
http://secunia.com/advisories/54144
http://www.securityfocus.com/bid/61426
https://drupal.org/node/2049251
https://drupal.org/node/2049415
https://exchange.xforce.ibmcloud.com/vulnerabilities/85964

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-08-19T23:00:00

Updated: 2024-08-06T16:38:00.163Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4174

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-08-19T23:55:08.570

Modified: 2024-11-21T01:55:03.510

Link: CVE-2013-4174

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-24T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "95625", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/95625"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2049251"}, {"name": "54144", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/54144"}, {"name": "scald-atomtitle-xss(85964)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85964"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/scald.git/commitdiff/32db1ee"}, {"name": "20130724 [Security-news] SA-CONTRIB-2013-060 - Scald - Cross Site Scripting (XSS)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2013/Jul/224"}, {"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/2049415"}, {"name": "61426", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/61426"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4174", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "95625", "refsource": "OSVDB", "url": "http://osvdb.org/95625"}, {"name": "https://drupal.org/node/2049251", "refsource": "CONFIRM", "url": "https://drupal.org/node/2049251"}, {"name": "54144", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54144"}, {"name": "scald-atomtitle-xss(85964)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85964"}, {"name": "http://drupalcode.org/project/scald.git/commitdiff/32db1ee", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/scald.git/commitdiff/32db1ee"}, {"name": "20130724 [Security-news] SA-CONTRIB-2013-060 - Scald - Cross Site Scripting (XSS)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2013/Jul/224"}, {"name": "https://drupal.org/node/2049415", "refsource": "MISC", "url": "https://drupal.org/node/2049415"}, {"name": "61426", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61426"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:38:00.163Z"}, "title": "CVE Program Container", "references": [{"name": "95625", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/95625"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://drupal.org/node/2049251"}, {"name": "54144", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/54144"}, {"name": "scald-atomtitle-xss(85964)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85964"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/scald.git/commitdiff/32db1ee"}, {"name": "20130724 [Security-news] SA-CONTRIB-2013-060 - Scald - Cross Site Scripting (XSS)", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2013/Jul/224"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drupal.org/node/2049415"}, {"name": "61426", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/61426"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4174", "datePublished": "2013-08-19T23:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:00.163Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ows:scald:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "43ECEEF8-BE21-4C57-A202-95A2BE9AAC18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades XSS en el m\u00f3dulo Scald 7.x-1.x anterior a 7.x-1.1 para Drupal, permite a tacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de (1) flash_uri, (2) flash_width, o (3) flash_height en la funci\u00f3n scald_flash_scald_prerender en providers/scald_flash/scald_flash.module; o el (4) caption en la funci\u00f3n scald_image_scald_prerender en providers/scald_image/scald_image.module."}], "id": "CVE-2013-4174", "lastModified": "2024-11-21T01:55:03.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-08-19T23:55:08.570", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://drupalcode.org/project/scald.git/commitdiff/32db1ee"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/95625"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2013/Jul/224"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/54144"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/61426"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://drupal.org/node/2049251"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://drupal.org/node/2049415"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85964"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://drupalcode.org/project/scald.git/commitdiff/32db1ee"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/95625"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2013/Jul/224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/54144"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/61426"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://drupal.org/node/2049251"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://drupal.org/node/2049415"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85964"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}