Description
Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
Remediation
References
Related Vulnerabilities
WordPress Plugin Soundy Background Music Cross-Site Scripting (3.1)
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3319)
WordPress Plugin Sharebar Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1)
WordPress Plugin Strong Testimonials Multiple Cross-Site Scripting Vulnerabilities (2.31.4)
PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-5095)