QwikSec

Security Database

CVE

CWE

Training

CVE-2013-0244

Published: Jan 19, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html

x_refsource_MISC

[oss-security] 20130130 Re: CVE

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_OSVDB

vendor-advisory

x_refsource_DEBIAN

20130116 [Security-news] SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities

mailing-list

x_refsource_FULLDISC

https://drupal.org/SA-CORE-2013-001

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.