CVE-2013-4225: XSS
First published: Tue Feb 11 2020(Updated: )
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Restful Web Services Project Restful Web Services | >=7.x-1.0<7.x-1.4 | |
| Restful Web Services Project Restful Web Services | >=7.x-2.0<7.x-2.1 | |
| Restful Web Services Project Restful Web Services | =7.x-2.x-dev |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/restful web services project
- canonical/restful web services project restful web services
- version/restful web services project restful web services/7.x-1.0
- version/restful web services project restful web services/7.x-2.0
- version/restful web services project restful web services/7.x-2.x-dev