Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-5021

Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.

Published

2014-07-22T14:55:10.083

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.1 (LOW)

CVSSv2 Vector

AV:N/AC:H/Au:S/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.0 Yes
Application drupal drupal 7.1 Yes
Application drupal drupal 7.2 Yes
Application drupal drupal 7.3 Yes
Application drupal drupal 7.4 Yes
Application drupal drupal 7.5 Yes
Application drupal drupal 7.6 Yes
Application drupal drupal 7.7 Yes
Application drupal drupal 7.8 Yes
Application drupal drupal 7.9 Yes
Application drupal drupal 7.10 Yes
Application drupal drupal 7.11 Yes
Application drupal drupal 7.12 Yes
Application drupal drupal 7.13 Yes
Application drupal drupal 7.14 Yes
Application drupal drupal 7.15 Yes
Application drupal drupal 7.16 Yes
Application drupal drupal 7.17 Yes
Application drupal drupal 7.18 Yes
Application drupal drupal 7.19 Yes
Application drupal drupal 7.20 Yes
Application drupal drupal 7.21 Yes
Application drupal drupal 7.22 Yes
Application drupal drupal 7.23 Yes
Application drupal drupal 7.24 Yes
Application drupal drupal 7.25 Yes
Application drupal drupal 7.26 Yes
Application drupal drupal 7.27 Yes
Application drupal drupal 7.28 Yes
Application drupal drupal 7.x-dev Yes
Application drupal drupal 6.0 Yes
Application drupal drupal 6.0 Yes
Application drupal drupal 6.0 Yes
Application drupal drupal 6.0 Yes
Application drupal drupal 6.0 Yes
Application drupal drupal 6.0 Yes
Application drupal drupal 6.0 Yes
Application drupal drupal 6.0 Yes
Application drupal drupal 6.0 Yes
Application drupal drupal 6.0 Yes
Application drupal drupal 6.1 Yes
Application drupal drupal 6.2 Yes
Application drupal drupal 6.3 Yes
Application drupal drupal 6.4 Yes
Application drupal drupal 6.5 Yes
Application drupal drupal 6.6 Yes
Application drupal drupal 6.7 Yes
Application drupal drupal 6.8 Yes
Application drupal drupal 6.9 Yes
Application drupal drupal 6.10 Yes
Application drupal drupal 6.11 Yes
Application drupal drupal 6.12 Yes
Application drupal drupal 6.13 Yes
Application drupal drupal 6.14 Yes
Application drupal drupal 6.15 Yes
Application drupal drupal 6.16 Yes
Application drupal drupal 6.17 Yes
Application drupal drupal 6.18 Yes
Application drupal drupal 6.19 Yes
Application drupal drupal 6.20 Yes
Application drupal drupal 6.21 Yes
Application drupal drupal 6.22 Yes
Application drupal drupal 6.23 Yes
Application drupal drupal 6.24 Yes
Application drupal drupal 6.25 Yes
Application drupal drupal 6.26 Yes
Application drupal drupal 6.27 Yes
Application drupal drupal 6.28 Yes
Application drupal drupal 6.29 Yes
Application drupal drupal 6.30 Yes
Application drupal drupal 6.31 Yes
References