Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kristof De Jaeger | Display Suite | 7x-1.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/94234
- http://seclists.org/fulldisclosure/2013/Jun/94
- https://drupal.org/node/2017639
- https://drupal.org/node/2017641
- https://drupal.org/node/2017933Vendor Advisory
- http://osvdb.org/94234
- http://seclists.org/fulldisclosure/2013/Jun/94
- https://drupal.org/node/2017639
- https://drupal.org/node/2017641
- https://drupal.org/node/2017933Vendor Advisory
FAQ
What is CVE-2013-2177?
CVE-2013-2177 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject a...
How severe is CVE-2013-2177?
CVE-2013-2177 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2177?
Check the references section above for vendor advisories and patch information. Affected products include: Kristof De Jaeger Display Suite, Drupal Drupal.