Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.
Max CVSS
2.1
EPSS Score
0.06%
Published
2014-07-22
Updated
2014-07-22
Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements.
Max CVSS
2.6
EPSS Score
0.26%
Published
2014-01-19
Updated
2014-03-08
2 vulnerabilities found