CVE-2013-4174

NONECVSS 0.0

0.0

Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module.

🔗 References (16)

secalert@redhathttp://drupalcode.org/project/scald.git/commitdiff/32db1ee
secalert@redhathttp://osvdb.org/95625
secalert@redhathttp://seclists.org/fulldisclosure/2013/Jul/224
secalert@redhathttp://secunia.com/advisories/54144
secalert@redhathttp://www.securityfocus.com/bid/61426
secalert@redhathttps://drupal.org/node/2049251
secalert@redhathttps://drupal.org/node/2049415
secalert@redhathttps://exchange.xforce.ibmcloud.com/vulnerabilities/85964
af854a3a-2127-422b-91ae-364da2661108http://drupalcode.org/project/scald.git/commitdiff/32db1ee
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/95625
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2013/Jul/224
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/54144
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/61426
af854a3a-2127-422b-91ae-364da2661108https://drupal.org/node/2049251
af854a3a-2127-422b-91ae-364da2661108https://drupal.org/node/2049415

Is Your Infrastructure Affected by CVE-2013-4174?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-4174

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-4174?