PT-2013-3497 · Drupal · Drupal

Published

2013-06-25

Updated

2017-08-29

CVE-2013-1971

CVSS v2.0

2.1

Low

Vector

AV:N/AC:H/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Drupal versions 6.x

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users with specific permissions to inject arbitrary web script or HTML via the file name of an MP3 file in the MP3 Player module.

Recommendations For version 6.x, update the MP3 Player module to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the MP3 Player module for users with permissions that could be used to exploit this issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2013-1971

Affected Products

Drupal

PT-2013-3497 · Drupal · Drupal

CVE-2013-1971

Weakness Enumeration

Related Identifiers

Affected Products

References · 4