Description
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.
Remediation
References
Related Vulnerabilities
WordPress Plugin Media.net Ads Manager Arbitrary File Upload (2.10.13)
WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14820)
ProjectSend Use of Insufficiently Random Values Vulnerability (CVE-2024-7659)
WordPress Plugin Teamleader CRM Forms Cross-Site Scripting (2.0.0)