QwikSec

Security Database

CVE

CWE

Training

CVE-2013-0225

Published: Mar 19, 2013

Modified: Sep 16, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://drupal.org/node/1896720

x_refsource_MISC

http://drupalcode.org/project/user_relationships.git/commitdiff/b9a4739

x_refsource_CONFIRM

https://drupal.org/node/1896276

x_refsource_CONFIRM

https://drupal.org/node/1896272

x_refsource_CONFIRM

[oss-security] 20130124 Re: CVE request for Drupal contributed modules

mailing-list

x_refsource_MLIST

http://drupalcode.org/project/user_relationships.git/commitdiff/17e94b9

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.