Description

modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.

Remediation

References

CVE-2014-5267

Related Vulnerabilities

WordPress Plugin Contact Form by BestWebSoft Email Header Injection (3.83)

Perl Out-of-bounds Write Vulnerability (CVE-2023-47038)

WordPress Plugin Social Hashtags Cross-Site Scripting (3.0.0)

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.93)

WordPress Plugin Qtranslate Slug Cross-Site Request Forgery (1.1.18)

Severity

Medium

Classification

CVE-2014-5267 CWE-264

Tags

Missing Update Known Vulnerabilities