Description

Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files.

Remediation

References

CVE-2015-6658

Related Vulnerabilities

WordPress Plugin Chat-Support Board-WordPress Chat Privilege Escalation (3.3.8)

Zope Web Application Server Cryptographic Issues Vulnerability (CVE-2012-6661)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17309)

Oracle Application Server CVE-2008-0346 Vulnerability (CVE-2008-0346)

Mailman Other Vulnerability (CVE-2004-0412)

Severity

Medium

Classification

CVE-2015-6658 CWE-707

Tags

Missing Update Known Vulnerabilities