CVE-2013-5938

Click2sell Suite Module - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form.

References (5)

[Mailing List] http://seclists.org/fulldisclosure/2013/Sep/64

[Vendor Advisory] https://drupal.org/node/2087055

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/87050

[Mailing List] http://www.openwall.com/lists/oss-security/2013/10/21/5

[Third Party Advisory, VDB Entry] http://osvdb.org/97204

Scores

EPSS 0.0033

EPSS Percentile 55.6%

Details

CWE

CWE-79

Status published

Products (2)

click2sell/click2sell_suite_module

n/a/n/a

Published Sep 25, 2013

Tracked Since Feb 18, 2026