CVE-2015-6665

Fedora - Cross-Site Scripting

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.

References (15)

Core 15

Core References

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1033358

Patch, Vendor Advisory x_refsource_misc

https://www.drupal.org/node/2554145

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/76431

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2015/dsa-3346

Patch, Vendor Advisory x_refsource_confirm

https://www.drupal.org/SA-CORE-2015-003

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html

Patch x_refsource_confirm

https://www.drupal.org/node/2554133

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html

Scores

EPSS 0.0082

EPSS Percentile 74.6%

Details

CWE

CWE-79

Status published

Products (27)

chaos_tool_suite_project/ctools 6.x-1.0 (9 CPE variants)

chaos_tool_suite_project/ctools 6.x-1.1

chaos_tool_suite_project/ctools 6.x-1.2

chaos_tool_suite_project/ctools 6.x-1.3

chaos_tool_suite_project/ctools 6.x-1.4

chaos_tool_suite_project/ctools 6.x-1.5

chaos_tool_suite_project/ctools 6.x-1.6

chaos_tool_suite_project/ctools 6.x-1.7

chaos_tool_suite_project/ctools 6.x-1.8

chaos_tool_suite_project/ctools 6.x-1.9

... and 17 more

Published Aug 24, 2015

Tracked Since Feb 18, 2026