Lucene search

K
osvGoogleOSV:GHSA-6CJ8-C359-P7Q9
HistoryMay 01, 2022 - 11:57 p.m.

Drupal vulnerable to Cross-site Scripting

2022-05-0123:57:56
Google
osv.dev
8
drupal
cross-site scripting
xss
vulnerabilities
remote attackers
web script
html
free tagging taxonomy terms
node preview pages
openid values
software

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

57.7%

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

57.7%