CVE-2013-6387
Drupal 7.x - Authenticated Cross-Site Scripting in Image Module Description Field
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/11/22/4
Patch, Vendor Advisory x_refsource_confirm
https://drupal.org/SA-CORE-2013-003
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2804
Scores
EPSS
0.0021
EPSS Percentile
43.3%
Details
CWE
CWE-79
Status
published
Products (25)
drupal/drupal
7.0 (16 CPE variants)
drupal/drupal
7.1
drupal/drupal
7.2
drupal/drupal
7.3
drupal/drupal
7.4
drupal/drupal
7.5
drupal/drupal
7.6
drupal/drupal
7.7
drupal/drupal
7.8
drupal/drupal
7.9
... and 15 more
Published
Dec 24, 2013
Tracked Since
Feb 18, 2026