Back to search
CVE-2013-4174
Published: Aug 19, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
95625
vdb-entry
x_refsource_OSVDB
https://drupal.org/node/2049251
x_refsource_CONFIRM
54144
third-party-advisory
x_refsource_SECUNIA
scald-atomtitle-xss(85964)
vdb-entry
x_refsource_XF
http://drupalcode.org/project/scald.git/commitdiff/32db1ee
x_refsource_CONFIRM
20130724 [Security-news] SA-CONTRIB-2013-060 - Scald - Cross Site Scripting (XSS)
mailing-list
x_refsource_FULLDISC
https://drupal.org/node/2049415
x_refsource_MISC
61426
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now