CVE-2013-4138 - OpenCVE

Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Alienwp	Hatch
Drupal	Drupal

Configuration 1 [-]

AND

OR	cpe:2.3:a:alienwp:hatch:7.x-1.0:::::::*
	cpe:2.3:a:alienwp:hatch:7.x-1.1:::::::*
	cpe:2.3:a:alienwp:hatch:7.x-1.2:::::::*
	cpe:2.3:a:alienwp:hatch:7.x-1.3:::::::*
	cpe:2.3:a:alienwp:hatch:7.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2013/07/17/1
https://drupal.org/node/2038189	Patch
https://drupal.org/node/2038363	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-10-03T16:14:58

Updated: 2022-10-03T16:14:58

Reserved: 2022-10-03T00:00:00

Link: CVE-2013-4138

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-08-28T22:55:05.703

Modified: 2013-09-19T01:10:21.667

Link: CVE-2013-4138

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the \"Administer content,\" \"Create new article,\" or \"Edit any article type content\" permission to inject arbitrary web script or HTML via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:14:58", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/2038363"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2038189"}, {"name": "[oss-security] 20130717 Re: CVE request for Drupal contrib modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/07/17/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4138", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the \"Administer content,\" \"Create new article,\" or \"Edit any article type content\" permission to inject arbitrary web script or HTML via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drupal.org/node/2038363", "refsource": "MISC", "url": "https://drupal.org/node/2038363"}, {"name": "https://drupal.org/node/2038189", "refsource": "CONFIRM", "url": "https://drupal.org/node/2038189"}, {"name": "[oss-security] 20130717 Re: CVE request for Drupal contrib modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/07/17/1"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4138", "datePublished": "2022-10-03T16:14:58", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:14:58", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alienwp:hatch:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "12354766-4A3E-4608-9C85-4D6E42F8847E", "vulnerable": true}, {"criteria": "cpe:2.3:a:alienwp:hatch:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "245DA062-B5A2-4B2D-9D8D-7CA1A01B6CAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:alienwp:hatch:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7BF8516A-2F13-443C-89D9-088773C12792", "vulnerable": true}, {"criteria": "cpe:2.3:a:alienwp:hatch:7.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFE3A000-1D8B-40FE-A7D3-D247688468AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:alienwp:hatch:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "F2D00FCC-E07C-41D5-B44E-AA3196DAF1FF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the \"Administer content,\" \"Create new article,\" or \"Edit any article type content\" permission to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad Cross-site scripting (XSS) en el tema Hatch v7.x-1.x anterior a v7.x-1.4 para Drupal lo que permite a usuarios remotos autenticados con los permisos \"Administer content,\" \"Create new article,\" o \"Edit any article type content\", inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de vectores no especificados."}], "id": "CVE-2013-4138", "lastModified": "2013-09-19T01:10:21.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-08-28T22:55:05.703", "references": [{"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/07/17/1"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://drupal.org/node/2038189"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://drupal.org/node/2038363"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}