CVE-2013-0325 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Varnish Http Accelerator Integration Project	Varnish

Configuration 1 [-]

AND

OR	cpe:2.3:a:varnish_http_accelerator_integration_project:varnish:6.x-1.0:::::::*
	cpe:2.3:a:varnish_http_accelerator_integration_project:varnish:6.x-1.1:::::::*
	cpe:2.3:a:varnish_http_accelerator_integration_project:varnish:6.x-1.x:dev::::::
	cpe:2.3:a:varnish_http_accelerator_integration_project:varnish:7.x-1.0:beta1::::::
	cpe:2.3:a:varnish_http_accelerator_integration_project:varnish:7.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1922726
http://drupal.org/node/1922730
http://drupal.org/node/1922756
http://drupalcode.org/project/varnish.git/commitdiff/e6726b4
http://drupalcode.org/project/varnish.git/commitdiff/f69a62c
http://www.openwall.com/lists/oss-security/2013/02/21/5

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-03-27T21:00:00Z

Updated: 2024-09-17T02:06:01.545Z

Reserved: 2012-12-06T00:00:00Z

Link: CVE-2013-0325

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-03-27T21:55:02.847

Modified: 2013-03-28T04:00:00.000

Link: CVE-2013-0325

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-03-27T21:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1922756"}, {"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/varnish.git/commitdiff/f69a62c"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/varnish.git/commitdiff/e6726b4"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1922726"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1922730"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0325", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupal.org/node/1922756", "refsource": "MISC", "url": "http://drupal.org/node/1922756"}, {"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"}, {"name": "http://drupalcode.org/project/varnish.git/commitdiff/f69a62c", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/varnish.git/commitdiff/f69a62c"}, {"name": "http://drupalcode.org/project/varnish.git/commitdiff/e6726b4", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/varnish.git/commitdiff/e6726b4"}, {"name": "http://drupal.org/node/1922726", "refsource": "CONFIRM", "url": "http://drupal.org/node/1922726"}, {"name": "http://drupal.org/node/1922730", "refsource": "CONFIRM", "url": "http://drupal.org/node/1922730"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:25:09.132Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://drupal.org/node/1922756"}, {"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/varnish.git/commitdiff/f69a62c"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/varnish.git/commitdiff/e6726b4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1922726"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1922730"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0325", "datePublished": "2013-03-27T21:00:00Z", "dateReserved": "2012-12-06T00:00:00Z", "dateUpdated": "2024-09-17T02:06:01.545Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:varnish_http_accelerator_integration_project:varnish:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "397DAD1F-CFC4-464C-83DB-E4A4B2C1E878", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_http_accelerator_integration_project:varnish:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A207969-0FB7-4019-9D8E-96E78CA6B0C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_http_accelerator_integration_project:varnish:6.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "0E7F0744-A6B5-4A02-A1B9-A3942E1ABAD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_http_accelerator_integration_project:varnish:7.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "1B583A94-AE68-4CA0-9F57-282E61CC48BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_http_accelerator_integration_project:varnish:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "1E012EBA-955D-40A3-B2DA-ECDCB570E40A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting."}, {"lang": "es", "value": "Multiples cross-site scripting (XSS) en el modulo Varnish v6.x-1.x anterior a v6.x-1.2 y v7.x-1.x anterior a v7.x-1.0-beta2 para Drupal permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) mensajes Watchdog o (2) configuraci\u00f3n del administrador."}], "id": "CVE-2013-0325", "lastModified": "2013-03-28T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-03-27T21:55:02.847", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1922726"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1922730"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1922756"}, {"source": "secalert@redhat.com", "url": "http://drupalcode.org/project/varnish.git/commitdiff/e6726b4"}, {"source": "secalert@redhat.com", "url": "http://drupalcode.org/project/varnish.git/commitdiff/f69a62c"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}