CVE-2013-5964

Joachim Noreiko Flag Module - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title.

References (5)

[Patch] http://archives.neohapsis.com/archives/bugtraq/2013-08/0184.html

[Patch] http://seclists.org/fulldisclosure/2013/Aug/287

[Patch] https://drupal.org/node/2075287

[Patch, Vendor Advisory] https://drupal.org/node/2076221

[Third Party Advisory, VDB Entry] http://osvdb.org/96750

Scores

EPSS 0.0023

EPSS Percentile 45.7%

Details

CWE

CWE-79

Status published

Products (4)

joachim_noreiko/flag_module

n/a/n/a

Published Sep 30, 2013

Tracked Since Feb 18, 2026