CVE-2016-1913

Multiple cross-site scripting (XSS) vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for Drupal allow remote authenticated users with certain access to inject arbitrary web script or HTML via unspecified vectors, related to (1) individual contacts, (2) notes, or (3) engagement scores.
Cross-site Scripting
Severity
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
redhen_projectredhen
7.x-1.0
redhen_projectredhen
7.x-1.0
redhen_projectredhen
7.x-1.0
redhen_projectredhen
7.x-1.0
redhen_projectredhen
7.x-1.0
redhen_projectredhen
7.x-1.0
redhen_projectredhen
7.x-1.0
redhen_projectredhen
7.x-1.1
redhen_projectredhen
7.x-1.2
redhen_projectredhen
7.x-1.3
redhen_projectredhen
7.x-1.4
redhen_projectredhen
7.x-1.5
redhen_projectredhen
7.x-1.6
redhen_projectredhen
7.x-1.7
redhen_projectredhen
7.x-1.8
redhen_projectredhen
7.x-1.10
redhen_projectredhen
7.x-1.x
𝑥
= Vulnerable software versions