CVE-2013-6387

Drupal - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field.

References (3)

[Patch, Vendor Advisory] https://drupal.org/SA-CORE-2013-003

[Third Party Advisory] http://www.debian.org/security/2013/dsa-2804

[Mailing List] http://www.openwall.com/lists/oss-security/2013/11/22/4

Scores

EPSS 0.0021

EPSS Percentile 43.2%

Details

CWE

CWE-79

Status published

Products (41)

drupal/drupal

... and 31 more

Published Dec 24, 2013

Tracked Since Feb 18, 2026