Description

Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.

Remediation

References

CVE-2015-6665

Related Vulnerabilities

Nginx CVE-2013-2070 Vulnerability (CVE-2013-2070)

Envoy Proxy Integer Overflow or Wraparound Vulnerability (CVE-2021-28682)

WordPress Plugin Qiniu Uploader Cross-Site Scripting (0.1)

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.93)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1099)

Severity

Medium

Classification

CVE-2015-6665 CWE-707

Tags

Missing Update Known Vulnerabilities