CVE-2013-4140: XSS
First published: Mon Jul 29 2013(Updated: )
Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Drupalisme Tinybox | <=7.x-2.1 | |
| Drupalisme Tinybox | =7.x-1.0 | |
| Drupalisme Tinybox | =7.x-1.0-alpha1 | |
| Drupalisme Tinybox | =7.x-1.0-alpha2 | |
| Drupalisme Tinybox | =7.x-1.0-alpha3 | |
| Drupalisme Tinybox | =7.x-1.0-alpha4 | |
| Drupalisme Tinybox | =7.x-1.0-beta1 | |
| Drupalisme Tinybox | =7.x-1.0-beta2 | |
| Drupalisme Tinybox | =7.x-1.1 | |
| Drupalisme Tinybox | =7.x-2.0 | |
| Drupal Drupal |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/95153
- http://seclists.org/fulldisclosure/2013/Jul/86
- http://secunia.com/advisories/54091
- http://www.openwall.com/lists/oss-security/2013/07/17/1
- http://www.securityfocus.com/bid/61078
- https://drupal.org/node/2031575
- https://drupal.org/node/2038807
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85600
Frequently Asked Questions
What is the severity of CVE-2013-4140?
CVE-2013-4140 is classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2013-4140?
To fix CVE-2013-4140, upgrade the TinyBox module to version 7.x-2.2 or later.
Who is affected by CVE-2013-4140?
CVE-2013-4140 affects users of the TinyBox module in Drupal versions prior to 7.x-2.2 with the 'administer tinybox' permission.
What type of vulnerability is CVE-2013-4140?
CVE-2013-4140 is a cross-site scripting (XSS) vulnerability that allows script injection.
Can unauthenticated users exploit CVE-2013-4140?
No, only remote authenticated users with specific permissions can exploit CVE-2013-4140.
- collector/nvd-index
- vendor/drupalisme
- canonical/drupalisme tinybox
- version/drupalisme tinybox/7.x-2.1
- version/drupalisme tinybox/7.x-1.0
- version/drupalisme tinybox/7.x-1.0-alpha1
- version/drupalisme tinybox/7.x-1.0-alpha2
- version/drupalisme tinybox/7.x-1.0-alpha3
- version/drupalisme tinybox/7.x-1.0-alpha4
- version/drupalisme tinybox/7.x-1.0-beta1
- version/drupalisme tinybox/7.x-1.0-beta2
- version/drupalisme tinybox/7.x-1.1
- version/drupalisme tinybox/7.x-2.0
- vendor/drupal
- canonical/drupal drupal