CVE-2016-1913

MEDIUM

Redhen module <7.x-1.11 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for Drupal allow remote authenticated users with certain access to inject arbitrary web script or HTML via unspecified vectors, related to (1) individual contacts, (2) notes, or (3) engagement scores.

References (2)

Scores

CVSS v3 5.4
EPSS 0.0019
EPSS Percentile 40.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status draft

Affected Products (17)

redhen_project/redhen
redhen_project/redhen
redhen_project/redhen
redhen_project/redhen
redhen_project/redhen
redhen_project/redhen
redhen_project/redhen
redhen_project/redhen
redhen_project/redhen
redhen_project/redhen
redhen_project/redhen
redhen_project/redhen
redhen_project/redhen
redhen_project/redhen
redhen_project/redhen
... and 2 more

Timeline

Published Jan 15, 2016
Tracked Since Feb 18, 2026