NVD Vulnerability Detail

CVE-2013-4380

Summary	Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary web script or HTML via the preset settings.
Publication Date	May 20, 2014, 11:55 p.m.
Registration Date	Jan. 26, 2021, 3:43 p.m.
Last Update	Nov. 21, 2024, 10:55 a.m.

CVSS2.0 : LOW
Score	2.1
Vector	AV:N/AC:H/Au:S/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	単一
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc5::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc6::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc2::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc7::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc3::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:beta4::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:beta2::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc4::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:beta5::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:::::::*
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc9::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc1::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc8::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:beta1::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.1:::::::*
cpe:2.3:a:mediafront:mediafront:6.x-1.2:::::::*
cpe:2.3:a:mediafront:mediafront:6.x-1.3:::::::*
cpe:2.3:a:mediafront:mediafront:6.x-1.5:::::::*
cpe:2.3:a:mediafront:mediafront:6.x-1.x:dev::::::
execution environment
1	cpe:2.3:a:drupal:drupal:-:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc7::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:-::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:alpha1::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc6::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:alpha2::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc4::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:alpha4::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:beta5::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:beta2::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc8::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc5::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc2::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:alpha5::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:beta4::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc3::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc1::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:beta1::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:alpha3::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.x:dev::::::
execution environment
1	cpe:2.3:a:drupal:drupal:-:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:mediafront:mediafront:7.x-1.0:beta3::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc2::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc1::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc3::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc7::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc5::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:-::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc8::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:beta1::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc6::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:beta2::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc4::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.1:::::::*
cpe:2.3:a:mediafront:mediafront:7.x-1.2:::::::*
cpe:2.3:a:mediafront:mediafront:7.x-1.3:::::::*
cpe:2.3:a:mediafront:mediafront:7.x-1.4:::::::*
cpe:2.3:a:mediafront:mediafront:7.x-1.5:::::::*
cpe:2.3:a:mediafront:mediafront:7.x-1.x:dev::::::
execution environment
1	cpe:2.3:a:drupal:drupal:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2013/09/27/6
2	http://www.openwall.com/lists/oss-security/2013/09/27/6
3	https://drupal.org/node/2086187	Patch
4	https://drupal.org/node/2086187	Patch
5	https://drupal.org/node/2086189	Patch
6	https://drupal.org/node/2086189	Patch
7	https://drupal.org/node/2086191	Patch
8	https://drupal.org/node/2086191	Patch
9	https://drupal.org/node/2087051	Patch Vendor Advisory
10	https://drupal.org/node/2087051	Patch Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

JVN Vulnerability Information

Drupal 用 MediaFront モジュールにおけるクロスサイトスクリプティングの脆弱性

Title	Drupal 用 MediaFront モジュールにおけるクロスサイトスクリプティングの脆弱性
Summary	Drupal 用 MediaFront モジュールには、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	"administer mediafront" 権限を持つリモート認証されたユーザにより、プリセット設定を介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 11, 2013, midnight
Registration Date	May 22, 2014, 4:15 p.m.
Last Update	May 22, 2014, 4:15 p.m.

Affected System

MediaFront

MediaFront 6.x-1.6 未満の 6.x-1.x

MediaFront 7.x-1.6 未満の 7.x-1.x

MediaFront 7.x-2.1 未満の 7.x-2.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-4380	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4380
National Vulnerability Database (NVD)
2	CVE-2013-4380	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4380

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
Drupal
1	mediafront 6.x-1.6	https://drupal.org/node/2086187
2	mediafront 7.x-1.6	https://drupal.org/node/2086189
3	mediafront 7.x-2.1	https://drupal.org/node/2086191
Security advisories
4	DRUPAL-SA-CONTRIB-2013-074	https://drupal.org/node/2087051

Change Log

No	Changed Details	Date of change
0	[2014年05月22日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc5::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc6::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc2::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc7::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc3::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:beta4::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:beta2::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc4::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:beta5::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:::::::*
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc9::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc1::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc8::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.0:beta1::::::
cpe:2.3:a:mediafront:mediafront:6.x-1.1:::::::*
cpe:2.3:a:mediafront:mediafront:6.x-1.2:::::::*
cpe:2.3:a:mediafront:mediafront:6.x-1.3:::::::*
cpe:2.3:a:mediafront:mediafront:6.x-1.5:::::::*
cpe:2.3:a:mediafront:mediafront:6.x-1.x:dev::::::
execution environment
1	cpe:2.3:a:drupal:drupal:-:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc7::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:-::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:alpha1::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc6::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:alpha2::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc4::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:alpha4::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:beta5::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:beta2::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc8::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc5::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc2::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:alpha5::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:beta4::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc3::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:rc1::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:beta1::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.0:alpha3::::::
cpe:2.3:a:mediafront:mediafront:7.x-2.x:dev::::::
execution environment
1	cpe:2.3:a:drupal:drupal:-:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:mediafront:mediafront:7.x-1.0:beta3::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc2::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc1::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc3::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc7::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc5::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:-::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc8::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:beta1::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc6::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:beta2::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.0:rc4::::::
cpe:2.3:a:mediafront:mediafront:7.x-1.1:::::::*
cpe:2.3:a:mediafront:mediafront:7.x-1.2:::::::*
cpe:2.3:a:mediafront:mediafront:7.x-1.3:::::::*
cpe:2.3:a:mediafront:mediafront:7.x-1.4:::::::*
cpe:2.3:a:mediafront:mediafront:7.x-1.5:::::::*
cpe:2.3:a:mediafront:mediafront:7.x-1.x:dev::::::
execution environment
1	cpe:2.3:a:drupal:drupal:-:::::::*