CVE-2015-4386

2015-06-15T14:59:00
ID CVE-2015-4386
Type cve
Reporter cve@mitre.org
Modified 2015-06-26T16:00:00

Description

Multiple cross-site scripting (XSS) vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML via unknown vectors involving creating or editing (1) comments, (2) taxonomy terms, or (3) nodes.