CVE-2015-4386

Name of the Vulnerable Software and Affected Versions EntityBulkDelete module versions 7.x-1.0

Description The issue affects administration pages in the EntityBulkDelete module, allowing remote attackers to inject arbitrary web script or HTML. This can be achieved through unknown vectors involving the creation or editing of comments, taxonomy terms, or nodes.

Recommendations For EntityBulkDelete module version 7.x-1.0, update to a newer version that contains a fix for this issue.