Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2014-5021 - Vulnerability Database
Drupal

Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2014-5021

Low
Reference: CVE-2014-5021
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-5021
Title: Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the quotadminister taxonomyquot permission to inject arbitrary web script or HTML via an option group label.