Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
Max CVSS
4.3
EPSS Score
0.11%
Published
2014-07-22
Updated
2014-07-22
Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.
Max CVSS
2.1
EPSS Score
0.06%
Published
2014-07-22
Updated
2014-07-22
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.
Max CVSS
4.9
EPSS Score
0.09%
Published
2014-07-22
Updated
2014-07-22
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.
Max CVSS
5.0
EPSS Score
0.10%
Published
2014-07-22
Updated
2014-07-22
4 vulnerabilities found