Description

Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.

Remediation

References

CVE-2014-5022

Related Vulnerabilities

WordPress Plugin Events Shortcodes For The Events Calendar Cross-Site Scripting (1.7.1)

WordPress Plugin Fuctweb CapCC 'plugins.php' SQL Injection (1.0)

WordPress Plugin WP-AutoYoutube 'index.php' Script SQL Injection (0.1)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5656)

MySQL CVE-2021-2304 Vulnerability (CVE-2021-2304)

Severity

Medium

Classification

CVE-2014-5022 CWE-707

Tags

Missing Update Known Vulnerabilities