The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.
History

Mon, 23 Dec 2024 01:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:satellite_capsule:6.0::el6
Vendors & Products Redhat satellite Capsule

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-02-11T20:19:56

Updated: 2024-08-06T16:38:01.575Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4225

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-02-11T21:15:10.830

Modified: 2024-11-21T01:55:09.930

Link: CVE-2013-4225

cve-icon Redhat

Severity : Important

Publid Date: 2014-07-11T00:00:00Z

Links: CVE-2013-4225 - Bugzilla