{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the \"manage PIFR environments\" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-10-14T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.drupal.org/node/2205767"}, {"name": "65830", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65830"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.drupal.org/node/2205755"}, {"name": "57030", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57030"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8765", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the \"manage PIFR environments\" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.drupal.org/node/2205767", "refsource": "MISC", "url": "https://www.drupal.org/node/2205767"}, {"name": "65830", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65830"}, {"name": "https://www.drupal.org/node/2205755", "refsource": "CONFIRM", "url": "https://www.drupal.org/node/2205755"}, {"name": "57030", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57030"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:26:02.891Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.drupal.org/node/2205767"}, {"name": "65830", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65830"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.drupal.org/node/2205755"}, {"name": "57030", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/57030"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8765", "datePublished": "2014-10-14T14:00:00Z", "dateReserved": "2014-10-14T00:00:00Z", "dateUpdated": "2024-09-17T01:05:41.017Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:project_issue_file_review:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFE66FA2-888B-47CE-B866-4CF71E9D5BAB", "versionEndIncluding": "6.x-2.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.00:*:*:*:*:*:*:*", "matchCriteriaId": "1943FFBB-E321-45E0-BC7A-76C41136DA71", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.01:*:*:*:*:*:*:*", "matchCriteriaId": "BBD857F2-F595-405B-97D8-F0508E233605", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.02:*:*:*:*:*:*:*", "matchCriteriaId": "D8EED650-FD9F-4E93-BD87-08FC2B063DE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.03:*:*:*:*:*:*:*", "matchCriteriaId": "734044E8-D495-4D93-A1C6-8A6D2F06F616", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.04:*:*:*:*:*:*:*", "matchCriteriaId": "FF1FAD85-0AF2-498E-8F77-185408B419DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.05:*:*:*:*:*:*:*", "matchCriteriaId": "A8B85E06-1E04-4D2D-B670-645A7577E87D", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.06:*:*:*:*:*:*:*", "matchCriteriaId": "53A24AA0-843F-4749-8C54-D71E9C537457", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.07:*:*:*:*:*:*:*", "matchCriteriaId": "115D197D-0A3D-42C6-A51E-5706B61ABAAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:*:*:*:*:*:*:*", "matchCriteriaId": "54A1B26C-2A92-4B85-BA18-6A28C9EF8312", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc1:*:*:*:*:*:*", "matchCriteriaId": "CC2FB82B-4EB9-4651-BB1D-4DBFA83A45DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc2:*:*:*:*:*:*", "matchCriteriaId": "1F044D7F-E05F-4477-90B5-9A584AF5CE11", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc3:*:*:*:*:*:*", "matchCriteriaId": "D602B3CB-005F-405B-BBDF-2198C1C7939F", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc4:*:*:*:*:*:*", "matchCriteriaId": "2047366E-FD7E-4460-8421-FAE0BF4E5F7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.10:*:*:*:*:*:*:*", "matchCriteriaId": "292ABE80-D65D-4C79-A129-A9D02AC0C3E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.12:*:*:*:*:*:*:*", "matchCriteriaId": "054D40AB-8434-41ED-9DA3-2E1CFE350A15", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.12:alpha1:*:*:*:*:*:*", "matchCriteriaId": "51F7A915-0500-4D59-B41F-28C564476128", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "3B239A62-3D21-4A9E-BB0A-A61A8A1B62D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.13:*:*:*:*:*:*:*", "matchCriteriaId": "CB27AF00-FF67-4279-9461-9BC0395A4880", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:*:*:*:*:*:*:*", "matchCriteriaId": "9035F2EF-B2E0-4C47-9AD1-514AE6FBD28F", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta1:*:*:*:*:*:*", "matchCriteriaId": "A37F3F95-07EA-4914-85D4-36D30659E832", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta2:*:*:*:*:*:*", "matchCriteriaId": "EC5C4CDB-FF89-4F56-AA7C-C02EDBC2561B", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta3:*:*:*:*:*:*", "matchCriteriaId": "EDE448B8-0D1A-4B4D-92F7-B122411C1C55", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta4:*:*:*:*:*:*", "matchCriteriaId": "531637CD-8A8B-4329-A3E8-E0C3B2D818F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta5:*:*:*:*:*:*", "matchCriteriaId": "E134D081-61FA-49FD-953E-C92519DD0495", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.15:*:*:*:*:*:*:*", "matchCriteriaId": "CC517275-42B6-44BF-9A60-BB1F4223BDA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "BB16CC61-AEE1-4ACD-BC2F-B76DA8202D24", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_file_review:6.x-2.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "3F669810-0B21-4765-B1A7-C077708E53A7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the \"manage PIFR environments\" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidadaes de XSS en el m\u00f3dulo Project Issue File Review (PIFR) 6.x-2.x anterior a 6.x-2.17 para Drupal permiten a (1) atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un parche manipulado, lo que provoca un cliente PIFR para probar el parche y devolver los resultados a la p\u00e1gina de los resultados de las pruebas PIFR_Server o (2) usuarios remotos autenticados con el permiso 'manejar entornos PIFR' inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores que involucran una p\u00e1gina administrativa PIFR_Server."}], "id": "CVE-2014-8765", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-10-14T14:55:07.337", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/57030"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65830"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://www.drupal.org/node/2205755"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/node/2205767"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57030"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65830"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.drupal.org/node/2205755"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/node/2205767"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}