CVE-2013-0319 - OpenCVE

Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Yandex.metrics Project	Yandex Metrics
Drupal	Drupal

Configuration 1 [-]

AND

OR	cpe:2.3:a:yandex.metrics_project:yandex_metrics:7.x-1.0:::::::*
	cpe:2.3:a:yandex.metrics_project:yandex_metrics:7.x-1.1:::::::*
	cpe:2.3:a:yandex.metrics_project:yandex_metrics:7.x-1.2:::::::*
	cpe:2.3:a:yandex.metrics_project:yandex_metrics:7.x-1.3:::::::*
	cpe:2.3:a:yandex.metrics_project:yandex_metrics:7.x-1.4:::::::*
	cpe:2.3:a:yandex.metrics_project:yandex_metrics:7.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.0:::::::*
	cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.1:::::::*
	cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.2:::::::*
	cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.3:::::::*
	cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.4:::::::*
	cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.5:::::::*
	cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

References

Link	Resource
http://drupal.org/node/1921340	Patch
http://drupal.org/node/1921342	Patch
http://drupal.org/node/1922400	Patch Vendor Advisory
http://drupalcode.org/project/yandex_metrics.git/commitdiff/290b718	Patch
http://drupalcode.org/project/yandex_metrics.git/commitdiff/80bb901	Patch
http://www.openwall.com/lists/oss-security/2013/02/21/5

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-10-03T16:15:03

Updated: 2022-10-03T16:15:03

Reserved: 2022-10-03T00:00:00

Link: CVE-2013-0319

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-03-27T21:55:02.247

Modified: 2013-04-04T04:00:00.000

Link: CVE-2013-0319

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/yandex_metrics.git/commitdiff/80bb901"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1921340"}, {"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1921342"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/yandex_metrics.git/commitdiff/290b718"}, {"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1922400"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0319", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupalcode.org/project/yandex_metrics.git/commitdiff/80bb901", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/yandex_metrics.git/commitdiff/80bb901"}, {"name": "http://drupal.org/node/1921340", "refsource": "CONFIRM", "url": "http://drupal.org/node/1921340"}, {"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"}, {"name": "http://drupal.org/node/1921342", "refsource": "CONFIRM", "url": "http://drupal.org/node/1921342"}, {"name": "http://drupalcode.org/project/yandex_metrics.git/commitdiff/290b718", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/yandex_metrics.git/commitdiff/290b718"}, {"name": "http://drupal.org/node/1922400", "refsource": "MISC", "url": "http://drupal.org/node/1922400"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0319", "datePublished": "2022-10-03T16:15:03", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yandex.metrics_project:yandex_metrics:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AAC1E2EB-E349-4DB2-B01F-07CB119D25D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:yandex.metrics_project:yandex_metrics:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD377A55-2393-4954-AE8D-2721D2CEEB67", "vulnerable": true}, {"criteria": "cpe:2.3:a:yandex.metrics_project:yandex_metrics:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C00E085-B9C9-4B79-8D70-9E7CC531A3AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:yandex.metrics_project:yandex_metrics:7.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1536ABD0-0E10-47F8-850E-763E55F198A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:yandex.metrics_project:yandex_metrics:7.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D467617-B97C-4F36-B2D1-3D0BE3F0B394", "vulnerable": true}, {"criteria": "cpe:2.3:a:yandex.metrics_project:yandex_metrics:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "52649608-7469-4E83-BF4E-681C085EAA47", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5431F50B-C194-4184-86CD-D3604859F1F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C93BD6B-712A-4D88-AC98-5514CDA11884", "vulnerable": true}, {"criteria": "cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E2D0CB43-8DFD-4680-9522-7507A53351DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6BBCD284-39D2-4A49-BB1F-0ECE2505178D", "vulnerable": true}, {"criteria": "cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8167A867-CE6D-43F9-A9CE-0F2AD366CBB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BC506D53-9A5F-42DC-A71B-F380712BA324", "vulnerable": true}, {"criteria": "cpe:2.3:a:yandex.metrics_project:yandex_metrics:6.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "9B7F24B3-FF6D-4079-A6D8-4CEC1987B9A6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data."}, {"lang": "es", "value": "Vulnerabilidad de XSS en el m\u00f3dulo Yandex.Metrics 6.x-1.x anterior a 6.x-1.6 y 7.x-1.x anterior a 7.x-1.5 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores que involucran al servicio de datos Yandex.Metrica."}], "id": "CVE-2013-0319", "lastModified": "2013-04-04T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-03-27T21:55:02.247", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1921340"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1921342"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1922400"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupalcode.org/project/yandex_metrics.git/commitdiff/290b718"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupalcode.org/project/yandex_metrics.git/commitdiff/80bb901"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}