CVE-2013-1887 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Views Project	Views

Configuration 1 [-]

AND

OR	cpe:2.3:a:views_project:views:7.x-3.0:::::::*
	cpe:2.3:a:views_project:views:7.x-3.0:alpha1::::::
	cpe:2.3:a:views_project:views:7.x-3.0:beta1::::::
	cpe:2.3:a:views_project:views:7.x-3.0:beta2::::::
	cpe:2.3:a:views_project:views:7.x-3.0:beta3::::::
	cpe:2.3:a:views_project:views:7.x-3.0:rc1::::::
	cpe:2.3:a:views_project:views:7.x-3.0:rc3::::::
	cpe:2.3:a:views_project:views:7.x-3.1:::::::*
	cpe:2.3:a:views_project:views:7.x-3.2:::::::*
	cpe:2.3:a:views_project:views:7.x-3.3:::::::*
	cpe:2.3:a:views_project:views:7.x-3.4:::::::*
	cpe:2.3:a:views_project:views:7.x-3.5:::::::*
	cpe:2.3:a:views_project:views:7.x-3.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1948354
http://drupal.org/node/1948358
http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac
http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2013/Mar/193
http://secunia.com/advisories/51540
http://www.openwall.com/lists/oss-security/2013/03/22/8
http://www.openwall.com/lists/oss-security/2013/03/25/4
http://www.osvdb.org/91576
http://www.securityfocus.com/bid/58621

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-03-27T23:00:00Z

Updated: 2024-09-16T20:57:54.581Z

Reserved: 2013-02-19T00:00:00Z

Link: CVE-2013-1887

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-03-27T23:55:01.047

Modified: 2013-03-28T04:00:00.000

Link: CVE-2013-1887

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-03-27T23:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "51540", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51540"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html"}, {"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1948358"}, {"name": "91576", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/91576"}, {"name": "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/03/25/4"}, {"name": "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2013/Mar/193"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac"}, {"name": "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/03/22/8"}, {"name": "58621", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/58621"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1948354"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1887", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "51540", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51540"}, {"name": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html"}, {"name": "http://drupal.org/node/1948358", "refsource": "MISC", "url": "http://drupal.org/node/1948358"}, {"name": "91576", "refsource": "OSVDB", "url": "http://www.osvdb.org/91576"}, {"name": "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/03/25/4"}, {"name": "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2013/Mar/193"}, {"name": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac"}, {"name": "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/03/22/8"}, {"name": "58621", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58621"}, {"name": "http://drupal.org/node/1948354", "refsource": "CONFIRM", "url": "http://drupal.org/node/1948354"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:36.930Z"}, "title": "CVE Program Container", "references": [{"name": "51540", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51540"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://drupal.org/node/1948358"}, {"name": "91576", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/91576"}, {"name": "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/03/25/4"}, {"name": "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2013/Mar/193"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac"}, {"name": "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/03/22/8"}, {"name": "58621", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/58621"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1948354"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1887", "datePublished": "2013-03-27T23:00:00Z", "dateReserved": "2013-02-19T00:00:00Z", "dateUpdated": "2024-09-16T20:57:54.581Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4DD5CD4-BE1E-4CD0-8154-E71F194EC21C", "vulnerable": true}, {"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "575313F3-ADA8-409F-A46F-DFD851B157E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "66F77966-456C-42A4-ADBB-FA220214FB2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B7B59C40-649C-40DD-A09F-CA3EA51291D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "59EED1F0-CF33-4F87-A51E-B30F2C025FBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B409004F-1282-4AB6-8455-CB2095A45C10", "vulnerable": true}, {"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "6FFF9294-F089-4D34-8C35-974132F22B58", "vulnerable": true}, {"criteria": "cpe:2.3:a:views_project:views:7.x-3.1:*:*:*:*:*:*:*", "matchCriteriaId": "568E9296-C2AD-4D80-9327-F9A0DCBB5917", "vulnerable": true}, {"criteria": "cpe:2.3:a:views_project:views:7.x-3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E087F61C-07A5-4037-A282-A460CBE616E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:views_project:views:7.x-3.3:*:*:*:*:*:*:*", "matchCriteriaId": "50EB9D66-120E-426D-B3E9-1EAC8CB14D98", "vulnerable": true}, {"criteria": "cpe:2.3:a:views_project:views:7.x-3.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA161F50-6EBD-4B3C-8BE7-AFB13B29A0CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:*:*:*", "matchCriteriaId": "49A7C3D5-EDFA-4728-B84D-69C864351494", "vulnerable": true}, {"criteria": "cpe:2.3:a:views_project:views:7.x-3.x:dev:*:*:*:*:*:*", "matchCriteriaId": "6E62EF74-120B-4474-9660-22803BF41A6A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el modulo Views v7.x-3.x anterior a v7.x-3.6 para Drupal permite a usuarios autenticados remotamente con algunos permisos inyectar secuencias de comandos web o HTML a trav\u00e9s de ciertos campos de la vista de configuraci\u00f3n."}], "id": "CVE-2013-1887", "lastModified": "2013-03-28T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-03-27T23:55:01.047", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1948354"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1948358"}, {"source": "secalert@redhat.com", "url": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2013/Mar/193"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51540"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/03/22/8"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/03/25/4"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/91576"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/58621"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}