CVE-2013-0244

Drupal - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements.

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/89306

[Mailing List] http://seclists.org/fulldisclosure/2013/Jan/120

[Mailing List] http://seclists.org/oss-sec/2013/q1/211

[Patch, Vendor Advisory] https://drupal.org/SA-CORE-2013-001

[Third Party Advisory] http://www.debian.org/security/2013/dsa-2776

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html

Scores

EPSS 0.0044

EPSS Percentile 63.1%

Details

CWE

CWE-79

Status published

Products (50)

drupal/drupal

drupal/drupal

drupal/drupal

drupal/drupal

drupal/drupal

drupal/drupal

drupal/drupal

drupal/drupal

drupal/drupal

drupal/drupal

... and 40 more

Published Jan 19, 2014

Tracked Since Feb 18, 2026