5.3 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.0%
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.
www.debian.org/security/2013/dsa-2804
www.openwall.com/lists/oss-security/2013/11/22/4
drupal.org/SA-CORE-2013-003