VDB
CVE-2013-1436
CVE-2013-1436
REJECTED
The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an action tag.
EPSS 7.07% · 91.7th percentile
Risk Scores
EPSS Score
7.07%
91.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | xmonad-contrib | 0.11.2-1, 0 |
Exploit Intelligence
- CIRCL exploited: CVE-2013-1436 (circl-sighting)
- GLSA-201405-28 (circl)
- http://handra.rampa.sk/dawb/patch?repoPURL=http%3A%2F%2Fcode.haskell.org%2FXMonadContrib&repoPHash=20130708144813-1499c-0c3e284d3523c0694b9423714081761813bc1e89 (circl)
- http://www.openwall.com/lists/oss-security/2013/07/26/5 (vulncheck-nvd)
- http://www.securityfocus.com/bid/61491 (vulncheck-nvd)
Timeline
- Jul 26, 2013 PoC Published
- Oct 6, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Feb 24, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 1, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-1436 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-1436 third-party-advisory