Description
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field.
Remediation
References
Related Vulnerabilities
WordPress Plugin DB Backup Directory Traversal (4.5)
WordPress Plugin Lightbox Photo Gallery Cross-Site Request Forgery (1.0)
WordPress Plugin Zedity:The Easiest Way To Create Posts & Pages Cross-Site Scripting (2.5.0)
Drupal Core 4.7.x Denial of Service (4.7.0 - 4.7.4)
Apache Tomcat Improperly Implemented Security Check for Standard Vulnerability (CVE-2017-15706)