Description

modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.

Remediation

References

CVE-2014-5267

Related Vulnerabilities

ClipBucket Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3717)

Oracle Database Server CVE-2006-0265 Vulnerability (CVE-2006-0265)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41174)

WordPress Other Vulnerability (CVE-2007-3239)

MySQL CVE-2023-22048 Vulnerability (CVE-2023-22048)

Severity

Medium

Classification

CVE-2014-5267 CWE-264

Tags

Missing Update Known Vulnerabilities