VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Oct 14, 2014· Updated May 6, 2026

CVE-2014-8765

CVE-2014-8765

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page.

Affected products

28
  • Drupal/Project Issue File Review28 versions
    cpe:2.3:a:drupal:project_issue_file_review:*:*:*:*:*:*:*:*+ 27 more
    • cpe:2.3:a:drupal:project_issue_file_review:*:*:*:*:*:*:*:*range: <=6.x-2.16
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.00:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.01:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.02:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.03:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.04:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.05:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.06:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.07:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc1:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc2:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc3:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.08:rc4:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.12:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.12:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.12:rc1:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.13:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta1:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta2:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta3:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta4:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.14:beta5:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.15:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.15:rc1:*:*:*:*:*:*
    • cpe:2.3:a:drupal:project_issue_file_review:6.x-2.15:rc2:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.