CVE-2014-8747

Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages.

Published: Oct 13, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-8747
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
drupal / commons	7.x-3.3-rc3	7.x-3.3-rc3.x
drupal / commons	7.x-3.7	7.x-3.7.x
drupal / commons	7.x-3.4-rc3	7.x-3.4-rc3.x
drupal / commons	7.x-3.3-rc4	7.x-3.3-rc4.x
drupal / commons	7.x-3.4-rc1	7.x-3.4-rc1.x
drupal / commons	7.x-3.3	7.x-3.3.x
drupal / commons	7.x-3.4-rc2	7.x-3.4-rc2.x
drupal / commons	7.x-3.5	7.x-3.5.x
drupal / commons	7.x-3.4	7.x-3.4.x
drupal / commons	7.x-3.8	7.x-3.8.x
drupal / commons	7.x-3.6	7.x-3.6.x

http://osvdb.org/103288
http://secunia.com/advisories/56861
http://www.securityfocus.com/bid/65524
https://exchange.xforce.ibmcloud.com/vulnerabilities/91151
https://www.drupal.org/node/2194777
https://www.drupal.org/node/2194877

Vulnerability Database

CVE-2014-8747

Deep Security Visibility Without the Complexity