Description
modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Improper Locking Vulnerability (CVE-2002-1850)
WordPress Plugin Sooqr Search Restricted File Upload (1.1.4)
WordPress Plugin Store Locator Plus for WordPress Cross-Site Scripting (4.5.10)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6102)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5304)