Unrated severityNVD Advisory· Published Mar 27, 2013· Updated Apr 29, 2026
CVE-2013-1887
CVE-2013-1887
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.
Affected products
13cpe:2.3:a:views_project:views:7.x-3.0:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:views_project:views:7.x-3.0:*:*:*:*:*:*:*
- cpe:2.3:a:views_project:views:7.x-3.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:views_project:views:7.x-3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:views_project:views:7.x-3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:views_project:views:7.x-3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:views_project:views:7.x-3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:views_project:views:7.x-3.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:views_project:views:7.x-3.1:*:*:*:*:*:*:*
- cpe:2.3:a:views_project:views:7.x-3.2:*:*:*:*:*:*:*
- cpe:2.3:a:views_project:views:7.x-3.3:*:*:*:*:*:*:*
- cpe:2.3:a:views_project:views:7.x-3.4:*:*:*:*:*:*:*
- cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:*:*:*
- cpe:2.3:a:views_project:views:7.x-3.x:dev:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- drupal.org/node/1948354nvdPatch
- drupal.org/node/1948358nvdPatchVendor Advisory
- secunia.com/advisories/51540nvdVendor Advisory
- drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7acnvd
- packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.htmlnvd
- seclists.org/fulldisclosure/2013/Mar/193nvd
- www.openwall.com/lists/oss-security/2013/03/22/8nvd
- www.openwall.com/lists/oss-security/2013/03/25/4nvd
- www.osvdb.org/91576nvd
- www.securityfocus.com/bid/58621nvd
News mentions
0No linked articles in our index yet.