WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6665)

Description

Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.

Remediation

References

Related Vulnerabilities

WordPress Plugin Media.net Ads Manager Arbitrary File Upload (2.10.13)

WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14820)

ProjectSend Use of Insufficiently Random Values Vulnerability (CVE-2024-7659)

WordPress Plugin Teamleader CRM Forms Cross-Site Scripting (2.0.0)

Severity

Medium

Classification

CVE-2015-6665 CWE-707

Tags

Missing Update Known Vulnerabilities