Description
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Woo Import Export Arbitrary File Deletion (1.0)
Drupal Inefficient Regular Expression Complexity Vulnerability (CVE-2022-24729)
WordPress Other Vulnerability (CVE-2007-0107)
WordPress Plugin Click to Chat Cross-Site Scripting (1.6)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3369)