Description
Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31552)
WordPress Plugin WordPress Landing Pages Multiple Vulnerabilities (1.8.4)
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-7943)
WordPress Plugin Event Banner Arbitrary File Upload (1.3)
Apache Traffic Server CVE-2015-5168 Vulnerability (CVE-2015-5168)