CVE-2014-5022

Drupal - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.

References (2)

[Vendor Advisory] https://www.drupal.org/SA-CORE-2014-003

[Third Party Advisory] http://www.debian.org/security/2014/dsa-2983

Scores

EPSS 0.0026

EPSS Percentile 49.3%

Details

CWE

CWE-79

Status published

Products (46)

drupal/drupal

... and 36 more

Published Jul 22, 2014

Tracked Since Feb 18, 2026