Description
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Modula Image Gallery Cross-Site Scripting (1.3.5)
Internet Information Services Other Vulnerability (CVE-2000-0114)
WordPress Plugin Mapplic Lite Server-Side Request Forgery (1.0)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3179)
WordPress Plugin WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0)