The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-02-11T20:19:56

Updated: 2024-08-06T16:38:01.575Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4225

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-02-11T21:15:10.830

Modified: 2024-11-21T01:55:09.930

Link: CVE-2013-4225

cve-icon Redhat

Severity : Important

Publid Date: 2014-07-11T00:00:00Z

Links: CVE-2013-4225 - Bugzilla