PT-2015-6568 · Drupal · Entitybulkdelete
Pere Orga
·
Published
2015-06-15
·
Updated
2015-06-26
·
CVE-2015-4386
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
EntityBulkDelete module versions 7.x-1.0
Description
The issue affects administration pages in the EntityBulkDelete module, allowing remote attackers to inject arbitrary web script or HTML. This can be achieved through unknown vectors involving the creation or editing of comments, taxonomy terms, or nodes.
Recommendations
For EntityBulkDelete module version 7.x-1.0, update to a newer version that contains a fix for this issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Entitybulkdelete