Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
Max CVSS
4.3
EPSS Score
0.11%
Published
2014-07-22
Updated
2014-07-22
Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.
Max CVSS
2.1
EPSS Score
0.06%
Published
2014-07-22
Updated
2014-07-22
Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific. If so, then this CVE will be REJECTed in the future
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-01-26
Updated
2024-04-11
Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements.
Max CVSS
2.6
EPSS Score
0.26%
Published
2014-01-19
Updated
2014-03-08
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
Max CVSS
6.1
EPSS Score
0.17%
Published
2014-11-24
Updated
2023-06-21
5 vulnerabilities found