Medium severity5.4NVD Advisory· Published Jan 15, 2016· Updated May 6, 2026
CVE-2016-1913
CVE-2016-1913
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for Drupal allow remote authenticated users with certain access to inject arbitrary web script or HTML via unspecified vectors, related to (1) individual contacts, (2) notes, or (3) engagement scores.
Affected products
17cpe:2.3:a:redhen_project:redhen:7.x-1.0:*:*:*:*:drupal:*:*+ 16 more
- cpe:2.3:a:redhen_project:redhen:7.x-1.0:*:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.0:alpha1:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.0:alpha2:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.0:alpha3:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.0:beta1:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.0:beta2:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.0:beta3:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.1:*:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.2:*:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.3:*:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.4:*:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.5:*:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.6:*:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.7:*:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.8:*:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.10:*:*:*:*:drupal:*:*
- cpe:2.3:a:redhen_project:redhen:7.x-1.x:dev:*:*:*:drupal:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.drupal.org/node/2649780nvdPatch
- www.drupal.org/node/2649800nvdPatchVendor Advisory
News mentions
0No linked articles in our index yet.