VulnerableCode Package Details - pkg:deb/ubuntu/drupal7@7.43-3~16.04.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-13v2-q5w6-aaad Aliases: CVE-2015-6665	Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.	7.44-1ubuntu1~16.04.0 Affected by 0 other vulnerabilities.
VCID-27gh-8wve-aaaj Aliases: CVE-2015-6659	SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.	7.44-1ubuntu1~16.04.0 Affected by 0 other vulnerabilities.
VCID-2ynm-8eb8-aaak Aliases: CVE-2015-6658	Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files.	7.44-1ubuntu1~16.04.0 Affected by 0 other vulnerabilities.
VCID-3vc6-wpbd-aaaf Aliases: CVE-2015-6661	Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu.	7.44-1ubuntu1~16.04.0 Affected by 0 other vulnerabilities.
VCID-4qty-568y-aaas Aliases: CVE-2015-6660	The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."	7.44-1ubuntu1~16.04.0 Affected by 0 other vulnerabilities.
VCID-van2-s7yd-aaap Aliases: CVE-2015-7943	Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233.	7.44-1ubuntu1~16.04.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-13v2-q5w6-aaad
Aliases:
CVE-2015-6665

Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.