Description

modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.

Remediation

References

CVE-2014-5267

Related Vulnerabilities

WordPress Plugin Download Manager PHAR Deserialization (3.2.49)

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-39114)

WordPress Plugin WP-TopBar Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (4.02)

WordPress Plugin Lightweight Sidebar Manager Cross-Site Request Forgery (1.1.4)

CKEditor Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2021-26272)

Severity

Medium

Classification

CVE-2014-5267 CWE-264

Tags

Missing Update Known Vulnerabilities