2 matches found
CVE-2015-6665
Cross-site scripting XSS vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag...
CVE-2015-6665
CVE-2015-6665 affects Drupal 7.x up to version 7.39 and the Ctools module 6.x up to 6.x-1.14. The XSS flaw resides in the Ajax handler, allowing remote attackers to inject arbitrary scripts/HTML via a whitelisted HTML element (potentially the A tag). Remediation: upgrade to Drupal 7.39 and Ctools...