Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML via unknown vectors involving creating or editing (1) comments, (2) taxonomy terms, or (3) nodes.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Entitybulkdelete Project | Entitybulkdelete | 7.x-1.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/04/25/6
- http://www.securityfocus.com/bid/74347
- https://www.drupal.org/node/2463049Patch
- https://www.drupal.org/node/2463831PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2015/04/25/6
- http://www.securityfocus.com/bid/74347
- https://www.drupal.org/node/2463049Patch
- https://www.drupal.org/node/2463831PatchVendor Advisory
FAQ
What is CVE-2015-4386?
CVE-2015-4386 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML ...
How severe is CVE-2015-4386?
CVE-2015-4386 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4386?
Check the references section above for vendor advisories and patch information. Affected products include: Entitybulkdelete Project Entitybulkdelete.