First published: Tue Jul 22 2014(Updated: )
Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Drupal Drupal | =7.0 | |
Drupal Drupal | =7.0-alpha1 | |
Drupal Drupal | =7.0-alpha2 | |
Drupal Drupal | =7.0-alpha3 | |
Drupal Drupal | =7.0-alpha4 | |
Drupal Drupal | =7.0-alpha5 | |
Drupal Drupal | =7.0-alpha6 | |
Drupal Drupal | =7.0-alpha7 | |
Drupal Drupal | =7.0-beta1 | |
Drupal Drupal | =7.0-beta2 | |
Drupal Drupal | =7.0-beta3 | |
Drupal Drupal | =7.0-dev | |
Drupal Drupal | =7.0-rc1 | |
Drupal Drupal | =7.0-rc2 | |
Drupal Drupal | =7.0-rc3 | |
Drupal Drupal | =7.0-rc4 | |
Drupal Drupal | =7.1 | |
Drupal Drupal | =7.2 | |
Drupal Drupal | =7.3 | |
Drupal Drupal | =7.4 | |
Drupal Drupal | =7.5 | |
Drupal Drupal | =7.6 | |
Drupal Drupal | =7.7 | |
Drupal Drupal | =7.8 | |
Drupal Drupal | =7.9 | |
Drupal Drupal | =7.10 | |
Drupal Drupal | =7.11 | |
Drupal Drupal | =7.12 | |
Drupal Drupal | =7.13 | |
Drupal Drupal | =7.14 | |
Drupal Drupal | =7.15 | |
Drupal Drupal | =7.16 | |
Drupal Drupal | =7.17 | |
Drupal Drupal | =7.18 | |
Drupal Drupal | =7.19 | |
Drupal Drupal | =7.20 | |
Drupal Drupal | =7.21 | |
Drupal Drupal | =7.22 | |
Drupal Drupal | =7.23 | |
Drupal Drupal | =7.24 | |
Drupal Drupal | =7.25 | |
Drupal Drupal | =7.26 | |
Drupal Drupal | =7.27 | |
Drupal Drupal | =7.28 | |
Drupal Drupal | =7.x-dev |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.