Description

** DISPUTED ** Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific. If so, then this CVE will be REJECTed in the future.

Remediation

References

CVE-2014-1607

Related Vulnerabilities

Squid Other Vulnerability (CVE-2010-0639)

WordPress Plugin Like Button Rating-LikeBtn Server-Side Request Forgery (2.6.31)

Internet Information Services Other Vulnerability (CVE-2000-0114)

Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11512)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5505)

Severity

Medium

Classification

CVE-2014-1607 CWE-707

Tags

Missing Update Known Vulnerabilities