Description
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files.
Remediation
References
Related Vulnerabilities
Jboss EAP Inadequate Encryption Strength Vulnerability (CVE-2014-0224)
ASP.NET MVC Improper Input Validation Vulnerability (CVE-2017-0256)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)
WordPress Plugin Remove Yoast SEO comments Unspecified Vulnerability (1.0.4)
WordPress Plugin Custom Permalinks Unspecified Vulnerability (0.7.15)