CVE-2015-3344

Name: CVE-2015-3344
Creator: NVD / NIST
Published: 2015-04-21T16:59:04.403+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.97%

Last modified Jun 17, 2026

CVE-2015-3344 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.. EPSS estimates a 0.97% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.

Metrics

EPSS Probability

0.97%

57.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Dlc Solutions	Course	6.x-1.0-alpha1
Dlc Solutions	Course	6.x-1.0-rc1
Dlc Solutions	Course	6.x-1.0-rc2
Dlc Solutions	Course	6.x-1.0-rc3
Dlc Solutions	Course	6.x-1.0-rc4
Dlc Solutions	Course	6.x-1.0-rc5
Dlc Solutions	Course	6.x-1.0-rc6
Dlc Solutions	Course	6.x-1.0-rc7
Dlc Solutions	Course	6.x-1.0-rc8
Dlc Solutions	Course	6.x-1.0-rc9
Dlc Solutions	Course	6.x-1.0-rc10
Dlc Solutions	Course	6.x-1.1
Dlc Solutions	Course	6.x-1.x-dev
Dlc Solutions	Course	7.x-1.0
Dlc Solutions	Course	7.x-1.0-alpha1
Dlc Solutions	Course	7.x-1.0-alpha2
Dlc Solutions	Course	7.x-1.0-alpha3
Dlc Solutions	Course	7.x-1.0-beta1
Dlc Solutions	Course	7.x-1.0-beta2
Dlc Solutions	Course	7.x-1.0-beta3
Dlc Solutions	Course	7.x-1.0-rc1
Dlc Solutions	Course	7.x-1.0-rc2
Dlc Solutions	Course	7.x-1.0-rc3
Dlc Solutions	Course	7.x-1.0-rc4
Dlc Solutions	Course	7.x-1.1
Dlc Solutions	Course	7.x-1.2
Dlc Solutions	Course	7.x-1.3
Dlc Solutions	Course	7.x-1.x-dev

References

http://www.openwall.com/lists/oss-security/2015/01/29/6
http://www.securityfocus.com/bid/72631
https://www.drupal.org/node/2403305Patch
https://www.drupal.org/node/2403309Patch
https://www.drupal.org/node/2403333Patch, Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/01/29/6
http://www.securityfocus.com/bid/72631
https://www.drupal.org/node/2403305Patch
https://www.drupal.org/node/2403309Patch
https://www.drupal.org/node/2403333Patch, Vendor Advisory

Timeline

Published: Apr 21, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-3344?

How severe is CVE-2015-3344?

Severity scoring for CVE-2015-3344 is pending analysis. The EPSS model estimates a 0.97% probability of exploitation in the next 30 days.

How do I fix CVE-2015-3344?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-3344?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST