6 matches found
EUVD-2015-6596
Malware in sbrugna...
Cross site scripting
Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files...
CVE-2015-6658
Removed by vendor...
CVE-2015-6658
Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files...
Drupal Autocomplete System Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP. A cross-site scripting vulnerability exists in the Drupal Autocomplete System, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive...
drupal -- multiple vulnerabilities
Drupal development team reports: This security advisory fixes multiple vulnerabilities. See below for a list. Cross-site Scripting - Ajax system - Drupal 7 A vulnerability was found that allows a malicious user to perform a cross-site scripting attack by invoking Drupal.ajax on a whitelisted HTML...