PT-2015-6204 · Drupal · Drupal Commerce Balanced Payments Module

Pere Orga

Publicado

2015-04-21

Atualizado

2016-12-06

CVE-2015-3384

CVSS v2.0

3.5

Baixa

Vetor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Drupal Commerce Balanced Payments module (affected versions not specified)

Description A cross-site scripting (XSS) issue exists in the Bank Account Listing Page of the Commerce Balanced Payments module, allowing remote authenticated users to inject arbitrary web script or HTML.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2015-3384

Produtos afetados

Drupal Commerce Balanced Payments Module

PT-2015-6204 · Drupal · Drupal Commerce Balanced Payments Module

CVE-2015-3384

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4