CVE-2015-3357

Name of the Vulnerable Software and Affected Versions Drupal versions prior to 6.x-2.7 Drupal versions 7.x-2.x prior to 7.x-2.7

Description A cross-site scripting (XSS) issue exists in the Wishlist module, allowing remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors. These vectors are not properly handled in a log message.

Recommendations For versions prior to 6.x-2.7, update to version 6.x-2.7 or later. For versions 7.x-2.x prior to 7.x-2.7, update to version 7.x-2.7 or later.