Analyst readout for executives and security teams
Plain-English summary
This issue affects older Drupal Varnish module releases. A remote attacker could inject script or HTML through certain watchdog messages or administrative settings, potentially causing malicious content to run in a user's browser when viewed.
Executive priority
Treat as a targeted web application hygiene issue. It is not cited as actively exploited, but affected Drupal sites should be updated because XSS can compromise administrator sessions or trusted users.
Technical view
CVE-2013-0325 is multiple cross-site scripting in the Drupal Varnish module before 6.x-1.2 and before 7.x-1.0-beta2. The described vectors are crafted watchdog messages and admin settings. The bundle provides no CVSS, CWE, or confirmed exploitation evidence.
Likely exposure
Exposure is likely limited to Drupal sites using the contributed Varnish module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.0-beta2.
Exploitation context
The CVE states remote attackers may inject arbitrary web script or HTML. The source bundle does not include KEV listing, active exploitation evidence, public exploit confirmation, or detailed attack prerequisites.
Researcher notes
The evidence identifies the affected module branches and two XSS input areas, but lacks CVSS, CWE, detailed prerequisites, and exploit telemetry. Keep findings tied to Drupal Varnish module versions and the cited advisory/commit references.
Mitigation direction
- Upgrade the Drupal Varnish module to 6.x-1.2, 7.x-1.0-beta2, or later.
- Review the Drupal advisory pages referenced for vendor-specific remediation guidance.
- Audit watchdog messages and Varnish admin settings for unexpected script or HTML.
- Prioritize remediation on internet-facing or administrator-accessed Drupal sites.
Validation and detection
- Inventory Drupal sites using the contributed Varnish module.
- Confirm deployed module versions are not below the fixed releases.
- Check whether referenced upstream fix commits are present in deployed code.
- Review security logs and stored settings for suspicious HTML or script content.
Public sources used
Based on public source material and reviewed before publication.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2013-0325 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- http://drupal.org/node/1922756CVE reference · x_refsource_MISC
- [oss-security] 20130220 Re: CVE request for Drupal Core and contributed modulesCVE reference · mailing-list, x_refsource_MLIST
- http://drupalcode.org/project/varnish.git/commitdiff/f69a62cCVE reference · x_refsource_CONFIRM
- http://drupalcode.org/project/varnish.git/commitdiff/e6726b4CVE reference · x_refsource_CONFIRM
- http://drupal.org/node/1922726CVE reference · x_refsource_CONFIRM
- http://drupal.org/node/1922730CVE reference · x_refsource_CONFIRM
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
