{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the \"Label text\" field to the results configuration page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "57373", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57373"}, {"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/2231665"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.drupal.org/node/2231531"}, {"name": "custom-search-drupal-xss(92347)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92347"}, {"name": "20140402 Drupal Custom Search module XSS", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Apr/41"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.drupal.org/node/2231533"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8320", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the \"Label text\" field to the results configuration page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "57373", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57373"}, {"name": "https://drupal.org/node/2231665", "refsource": "MISC", "url": "https://drupal.org/node/2231665"}, {"name": "https://www.drupal.org/node/2231531", "refsource": "CONFIRM", "url": "https://www.drupal.org/node/2231531"}, {"name": "custom-search-drupal-xss(92347)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92347"}, {"name": "20140402 Drupal Custom Search module XSS", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Apr/41"}, {"name": "https://www.drupal.org/node/2231533", "refsource": "CONFIRM", "url": "https://www.drupal.org/node/2231533"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:51.120Z"}, "title": "CVE Program Container", "references": [{"name": "57373", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/57373"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drupal.org/node/2231665"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.drupal.org/node/2231531"}, {"name": "custom-search-drupal-xss(92347)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92347"}, {"name": "20140402 Drupal Custom Search module XSS", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Apr/41"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.drupal.org/node/2231533"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8320", "datePublished": "2014-10-17T14:00:00", "dateReserved": "2014-10-17T00:00:00", "dateUpdated": "2024-08-06T13:10:51.120Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.0:*:*:*:*:drupal:*:*", "matchCriteriaId": "30CDB9FE-323D-49B5-A4DA-A6DC791D3BD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.1:*:*:*:*:drupal:*:*", "matchCriteriaId": "256FB26A-4012-4D12-A6AE-39077C91A2D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.2:*:*:*:*:drupal:*:*", "matchCriteriaId": "05ACC523-BD97-4D93-8E05-FE9E21FFB77E", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.3:*:*:*:*:drupal:*:*", "matchCriteriaId": "F098EF14-882E-4A8B-94BE-F19288849163", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.4:*:*:*:*:drupal:*:*", "matchCriteriaId": "F3A27C0A-5331-4D0F-977A-552DBBC32261", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.5:*:*:*:*:drupal:*:*", "matchCriteriaId": "95778785-08AC-4DE6-99EA-DABB210EC347", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.6:*:*:*:*:drupal:*:*", "matchCriteriaId": "37C14BAF-8580-444A-8931-198F8A3991FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.7:*:*:*:*:drupal:*:*", "matchCriteriaId": "94172A1F-BD28-4C54-A570-3306B769A2A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.8:*:*:*:*:drupal:*:*", "matchCriteriaId": "177FD1D2-C192-4C80-8444-1D0FB4A1BA53", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.9:*:*:*:*:drupal:*:*", "matchCriteriaId": "E394DAEF-D7CE-4C03-A8DC-A09D642D6F79", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.10:*:*:*:*:drupal:*:*", "matchCriteriaId": "5004F026-7AEF-45F5-B743-893E787966B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:6.x-1.11:*:*:*:*:drupal:*:*", "matchCriteriaId": "579E2A1D-20A4-4086-9DDB-E059468553B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.0:*:*:*:*:drupal:*:*", "matchCriteriaId": "8872BFCE-E2F0-4905-A213-4585FDFFD889", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.1:*:*:*:*:drupal:*:*", "matchCriteriaId": "AE28554F-126A-46DA-8E9E-8D6C6019D0B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.2:*:*:*:*:drupal:*:*", "matchCriteriaId": "11F5380E-33E9-4035-9E0C-5AB3FCE8ED31", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.3:*:*:*:*:drupal:*:*", "matchCriteriaId": "14BAABB2-F791-4D21-9FCA-CC64FC8C5527", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.4:*:*:*:*:drupal:*:*", "matchCriteriaId": "79339759-0AE1-4C2A-AF32-C439D2DAE749", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.5:*:*:*:*:drupal:*:*", "matchCriteriaId": "564B5A49-3E18-48C3-8F2C-1751AB92177D", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.6:*:*:*:*:drupal:*:*", "matchCriteriaId": "9229B989-68FD-4727-9AE6-E9D7F44BC62D", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.7:*:*:*:*:drupal:*:*", "matchCriteriaId": "2B5E3BA5-9ADB-44B5-AD9C-6C8D383BB429", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.8:*:*:*:*:drupal:*:*", "matchCriteriaId": "7CC08018-D0AA-4D40-AD6E-3176999D8A86", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.9:*:*:*:*:drupal:*:*", "matchCriteriaId": "6C4B03D5-0B57-426E-AF68-73BB50A6910C", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.10:*:*:*:*:drupal:*:*", "matchCriteriaId": "49DA2410-EEAD-410E-BF22-FE48AEC1C9D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.11:*:*:*:*:drupal:*:*", "matchCriteriaId": "2B1FEA61-20BB-4232-8783-5598C6175F68", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.12:*:*:*:*:drupal:*:*", "matchCriteriaId": "60AC31AB-FC3E-4EFE-9F82-766563E17BFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:custom_search_project:custom_search:7.x-1.13:*:*:*:*:drupal:*:*", "matchCriteriaId": "64832BA9-5E18-42A6-AA61-F4EF7FE7BFDB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the \"Label text\" field to the results configuration page."}, {"lang": "es", "value": "Vulnerabilidad de XSS en el m\u00f3dulo para Drupal Custom Search 6.x-1.x anterior a 6.x-1.12 y 7.x-1.x anterior a 7.x-1.14 permite a atacantes remotos autenticados con determinados permisos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo 'texto de la etiqueta' ('Label text') en la p\u00e1gina de configuraci\u00f3n de resultados."}], "id": "CVE-2014-8320", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-10-17T14:55:03.267", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Apr/41"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/57373"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://drupal.org/node/2231665"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92347"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://www.drupal.org/node/2231531"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://www.drupal.org/node/2231533"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Apr/41"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57373"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://drupal.org/node/2231665"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92347"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.drupal.org/node/2231531"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.drupal.org/node/2231533"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}