Description
Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
Remediation
References
Related Vulnerabilities
PostgreSQL Resource Management Errors Vulnerability (CVE-2007-4772)
WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (4.0.1)
WordPress Plugin FireStats Cross-Site Scripting (1.6.4)
WordPress Plugin Issuu Panel Local/Remote File Inclusion (1.6)
WordPress Plugin SendPress Newsletters Security Bypass (1.2.10.20)