CVE-2015-3390

EUVD-2015-3435
Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
facebook_album_fetcher_projectfacebook_album_fetcher
7.x-1.x-dev:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/02/05/16
http://www.securityfocus.com/bid/72570
https://exchange.xforce.ibmcloud.com/vulnerabilities/100655
https://www.drupal.org/node/2420161
http://www.openwall.com/lists/oss-security/2015/02/05/16
http://www.securityfocus.com/bid/72570
https://exchange.xforce.ibmcloud.com/vulnerabilities/100655
https://www.drupal.org/node/2420161