Description

Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field.

Remediation

References

CVE-2013-6387

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-4255)

MySQL CVE-2014-6464 Vulnerability (CVE-2014-6464)

Squid NULL Pointer Dereference Vulnerability (CVE-2020-14058)

WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45)

PHP Other Vulnerability (CVE-2015-4644)

Severity

Low

Classification

CVE-2013-6387 CWE-707

Tags

Missing Update Known Vulnerabilities