fkie_nvd - fkie_cve-2013-4384

fkie_cve-2013-4384

Vulnerability from fkie_nvd

Published

2013-10-09 14:54

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API.

References

	URL	Tags
	secalert@redhat.com	http://osvdb.org/97503
	secalert@redhat.com	http://www.securityfocus.com/bid/62495
	secalert@redhat.com	https://drupal.org/node/2092395
	secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/87285
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/97503
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62495
	af854a3a-2127-422b-91ae-364da2661108	https://drupal.org/node/2092395
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/87285

Impacted products

Vendor	Product	Version
google_site_search_project	google_site_search_module	6.x-1.0
google_site_search_project	google_site_search_module	6.x-1.0
google_site_search_project	google_site_search_module	6.x-1.1
google_site_search_project	google_site_search_module	6.x-1.2
google_site_search_project	google_site_search_module	6.x-1.3
google_site_search_project	google_site_search_module	6.x-1.x
google_site_search_project	google_site_search_module	7.x-1.0
google_site_search_project	google_site_search_module	7.x-1.1
google_site_search_project	google_site_search_module	7.x-1.1
google_site_search_project	google_site_search_module	7.x-1.2
google_site_search_project	google_site_search_module	7.x-1.3
google_site_search_project	google_site_search_module	7.x-1.4
google_site_search_project	google_site_search_module	7.x-1.4
google_site_search_project	google_site_search_module	7.x-1.5
google_site_search_project	google_site_search_module	7.x-1.6
google_site_search_project	google_site_search_module	7.x-1.7
google_site_search_project	google_site_search_module	7.x-1.8
google_site_search_project	google_site_search_module	7.x-1.9
google_site_search_project	google_site_search_module	7.x-1.x
drupal	drupal	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:6.x-1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F0DE7FD-6564-4E20-B56D-066092582E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:6.x-1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9FFCE6D5-720C-4EE0-AF08-76537D7485C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:6.x-1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "818F6141-6A96-4A08-A337-8C7F1E08B559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:6.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "202B4631-85ED-46FA-97AA-32758617F92C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:6.x-1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48BE9299-1D70-4E44-BD6E-83EFCA4DAB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:6.x-1.x:dev:*:*:*:*:*:*",
              "matchCriteriaId": "EC8904BB-9827-4D84-93A5-43010D29E576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:7.x-1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23F1856-9EEC-4F1C-A0F1-D9AEB7D9ED27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:7.x-1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1E5140B-C151-4572-9BA3-BB45F36A8444",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:7.x-1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5041E49F-BA8E-4DB2-98AE-5EA0B9F9C920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:7.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "084E2351-9DE9-4A09-875D-28392EB96DC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:7.x-1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1377FA7A-0F86-460E-83AA-6974540D5D00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:7.x-1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "531F12EE-3E2C-441F-9946-0491E9F1DEF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:7.x-1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69921D07-DE94-4018-BAF2-B805427F813E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:7.x-1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E85D483-B9EB-4119-A66E-613C95E9D6C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:7.x-1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1399862F-9C8B-468D-BF82-E9B952531E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:7.x-1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7531DB99-9F9B-45D0-88DD-94D7EC5DB17E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:7.x-1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F3210D2-29A4-45A6-98B2-ABB6B3A0E63F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:7.x-1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B57AA638-9E45-49D6-9C50-1149B8FC79BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google_site_search_project:google_site_search_module:7.x-1.x:dev:*:*:*:*:*:*",
              "matchCriteriaId": "666E8664-FA9D-4C98-AB2F-74154C000097",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en el m\u00f3dulo Google Site Search 6.x-1.x anterior a la versi\u00f3n 6.x-1.4 y 7.x-1.x anterior a 7.x-1.10 para Drupal permite a atacantes remotos inyectar script web arbitrario o HTML, provocando que datos dise\u00f1ados sean devueltos por la API de Google."
    }
  ],
  "id": "CVE-2013-4384",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-10-09T14:54:26.547",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/97503"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/62495"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://drupal.org/node/2092395"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/97503"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://drupal.org/node/2092395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87285"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-4384 (GCVE-0-2013-4384)

Vulnerability from cvelistv5

Published

2013-10-09 14:44