VDB
CVE-2013-4225
CVE-2013-4225
PUBLISHED
Reported by redhat · Published February 11, 2020
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RESTful Web Services | RESTful Web Services | 7.x-1.x before 7.x-1.4, 7.x-2.x before 7.x-2.1 |
| RESTful Web Services | RESTful Web Services | 7.x-1.x before 7.x-1.4, 7.x-2.x before 7.x-2.1, 7.x-1.x before 7.x-1.4 |
Timeline
- Feb 11, 2020 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score