CVE-2014-5021

Drupal - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.

References (2)

[Vendor Advisory] https://www.drupal.org/SA-CORE-2014-003

[Third Party Advisory] http://www.debian.org/security/2014/dsa-2983

Scores

EPSS 0.0023

EPSS Percentile 45.3%

Details

CWE

CWE-79

Status published

Products (50)

drupal/drupal

... and 40 more

Published Jul 22, 2014

Tracked Since Feb 18, 2026