CVE-2014-9499 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Godwin\'s Law Project	Godwin\'s Law

Configuration 1 [-]

cpe:2.3:a:godwin\'s_law_project:godwin\'s_law:7.x-1.1:*:*:*:*:drupal:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2015/01/03/2
http://www.openwall.com/lists/oss-security/2015/01/04/6
https://exchange.xforce.ibmcloud.com/vulnerabilities/99678
https://www.drupal.org/node/2390191
https://www.drupal.org/node/2390839

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-01-09T18:00:00

Updated: 2024-08-06T13:47:41.537Z

Reserved: 2015-01-03T00:00:00

Link: CVE-2014-9499

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-01-09T18:59:05.790

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-9499

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-10T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.drupal.org/node/2390191"}, {"name": "drupal-cve20149499-xss(99678)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99678"}, {"name": "[oss-security] 20150103 Re: CVE requests: Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/01/04/6"}, {"name": "[oss-security] 20150103 CVE requests: Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/01/03/2"}, {"tags": ["x_refsource_MISC"], "url": "https://www.drupal.org/node/2390839"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9499", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.drupal.org/node/2390191", "refsource": "CONFIRM", "url": "https://www.drupal.org/node/2390191"}, {"name": "drupal-cve20149499-xss(99678)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99678"}, {"name": "[oss-security] 20150103 Re: CVE requests: Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/04/6"}, {"name": "[oss-security] 20150103 CVE requests: Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/03/2"}, {"name": "https://www.drupal.org/node/2390839", "refsource": "MISC", "url": "https://www.drupal.org/node/2390839"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:47:41.537Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.drupal.org/node/2390191"}, {"name": "drupal-cve20149499-xss(99678)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99678"}, {"name": "[oss-security] 20150103 Re: CVE requests: Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/01/04/6"}, {"name": "[oss-security] 20150103 CVE requests: Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/01/03/2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.drupal.org/node/2390839"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9499", "datePublished": "2015-01-09T18:00:00", "dateReserved": "2015-01-03T00:00:00", "dateUpdated": "2024-08-06T13:47:41.537Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:godwin\\'s_law_project:godwin\\'s_law:7.x-1.1:*:*:*:*:drupal:*:*", "matchCriteriaId": "84A54584-F165-45B7-A00A-8AF947038213", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message."}, {"lang": "es", "value": "Vulnerabilidad de XSS en el m\u00f3dulo Godwin's Law anterior a 7.x-1.1 para Drupal, cuando utiliza el m\u00f3dulo dblog, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un mensaje Watchdog."}], "id": "CVE-2014-9499", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-01-09T18:59:05.790", "references": [{"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/01/03/2"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/01/04/6"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99678"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://www.drupal.org/node/2390191"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/node/2390839"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/01/03/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/01/04/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.drupal.org/node/2390191"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/node/2390839"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}