WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0244)

Description

Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements.

Remediation

References

Related Vulnerabilities

e107 Other Vulnerability (CVE-2004-2039)

Oracle Database Server CVE-2006-0256 Vulnerability (CVE-2006-0256)

Drupal Core 7.x Cross-Site Request Forgery (7.0 - 7.71)

Oracle Database Server Other Vulnerability (CVE-2001-0942)

Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1336)

Severity

Low

Classification

CVE-2013-0244 CWE-707

Tags

Missing Update Known Vulnerabilities