CVE-2013-6388
Drupal 7.x < 7.24 - Cross-Site Scripting via Color Module CSS Handling
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/11/22/4
Patch, Vendor Advisory x_refsource_confirm
https://drupal.org/SA-CORE-2013-003
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2804
Scores
EPSS
0.0029
EPSS Percentile
52.9%
Details
CWE
CWE-79
Status
published
Products (25)
drupal/drupal
7.0 (16 CPE variants)
drupal/drupal
7.1
drupal/drupal
7.2
drupal/drupal
7.3
drupal/drupal
7.4
drupal/drupal
7.5
drupal/drupal
7.6
drupal/drupal
7.7
drupal/drupal
7.8
drupal/drupal
7.9
... and 15 more
Published
Dec 24, 2013
Tracked Since
Feb 18, 2026