Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for RESTful Web Services by RESTful Web Services

    CVE-2013-4225 (GCVE-0-2013-4225)

    Vulnerability from nvd – Published: 2020-02-11 20:19 – Updated: 2024-08-06 16:38
    VLAI
    Summary
    The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.
    Severity
    No CVSS data available.
    CWE
    • Insecure Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    RESTful Web Services RESTful Web Services Affected: 7.x-1.x before 7.x-1.4
    Affected: 7.x-2.x before 7.x-2.1
    Create a notification for this product.
    Date Public
    2013-08-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:38:01.575Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2059603"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2059591"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2059593"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RESTful Web Services",
              "vendor": "RESTful Web Services",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.x-1.x before 7.x-1.4"
                },
                {
                  "status": "affected",
                  "version": "7.x-2.x before 7.x-2.1"
                }
              ]
            }
          ],
          "datePublic": "2013-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the \"access resource node\" and \"create page content\" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure Permissions",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T20:19:56.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2059603"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2059591"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2059593"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4225",
        "datePublished": "2020-02-11T20:19:56.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:38:01.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4225 (GCVE-0-2013-4225)

    Vulnerability from cvelistv5 – Published: 2020-02-11 20:19 – Updated: 2024-08-06 16:38
    VLAI
    Summary
    The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.
    Severity
    No CVSS data available.
    CWE
    • Insecure Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    RESTful Web Services RESTful Web Services Affected: 7.x-1.x before 7.x-1.4
    Affected: 7.x-2.x before 7.x-2.1
    Create a notification for this product.
    Date Public
    2013-08-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:38:01.575Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2059603"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2059591"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2059593"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RESTful Web Services",
              "vendor": "RESTful Web Services",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.x-1.x before 7.x-1.4"
                },
                {
                  "status": "affected",
                  "version": "7.x-2.x before 7.x-2.1"
                }
              ]
            }
          ],
          "datePublic": "2013-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the \"access resource node\" and \"create page content\" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure Permissions",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T20:19:56.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2059603"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2059591"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2059593"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4225",
        "datePublished": "2020-02-11T20:19:56.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:38:01.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }