CVE-2014-8379
published 2014-10-21CVE-2014-8379: Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain…
PriorityP271low3.5CVSS 2.0
AVNACMAuSCNIPAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.95%
56.6th percentile
Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform or (2) User sub-modules.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| marketo_ma_project | marketo_ma | <= 7.x-1.3 | — |
CVSS provenance
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
vulncheck3.5LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-875q-9x56-gmh7: Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7
ghsa_unreviewed·2022-05-17
CVE-2014-8379 [LOW] CWE-79 GHSA-875q-9x56-gmh7: Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7
Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform or (2) User sub-modules.
VulnCheck
marketo_ma_project marketo_ma Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2014·CVSS 3.5
CVE-2014-8379 [LOW] marketo_ma_project marketo_ma Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
marketo_ma_project marketo_ma Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform or (2) User sub-modules.
Affected: marketo_ma_project marketo_ma
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024; https://www.f5.com/labs/articles/threat-intelligence/botpoke-scanner-switches-ip; htt
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-10-21
Published
Exploited in the wild