Vulnerabilities

CVE-2015-4386

by Fred · 15/06/2015

Multiple cross-site scripting (XSS) vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML via unknown vectors involving creating or editing (1) comments, (2) taxonomy terms, or (3) nodes.

Date published : 2015-06-15

http://www.securityfocus.com/bid/74347

https://www.drupal.org/node/2463049

Similar

Tags: Cybersecurity Alert