CVE-2015-6665
Last modified
CVE-2015-6665 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.. EPSS estimates a 2.69% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Fedoraproject | Fedora | 21 | — |
| Fedoraproject | Fedora | 22 | — |
| Fedoraproject | Fedora | 23 | — |
| Drupal | Drupal | 7.0 | — |
| Drupal | Drupal | 7.1 | — |
| Drupal | Drupal | 7.2 | — |
| Drupal | Drupal | 7.3 | — |
| Drupal | Drupal | 7.4 | — |
| Drupal | Drupal | 7.5 | — |
| Drupal | Drupal | 7.6 | — |
| Drupal | Drupal | 7.7 | — |
| Drupal | Drupal | 7.8 | — |
| Drupal | Drupal | 7.9 | — |
| Drupal | Drupal | 7.10 | — |
| Drupal | Drupal | 7.11 | — |
| Drupal | Drupal | 7.12 | — |
| Drupal | Drupal | 7.13 | — |
| Drupal | Drupal | 7.14 | — |
| Drupal | Drupal | 7.15 | — |
| Drupal | Drupal | 7.16 | — |
| Drupal | Drupal | 7.17 | — |
| Drupal | Drupal | 7.18 | — |
| Drupal | Drupal | 7.19 | — |
| Drupal | Drupal | 7.20 | — |
| Drupal | Drupal | 7.21 | — |
| Drupal | Drupal | 7.22 | — |
| Drupal | Drupal | 7.23 | — |
| Drupal | Drupal | 7.24 | — |
| Drupal | Drupal | 7.25 | — |
| Drupal | Drupal | 7.26 | — |
| Drupal | Drupal | 7.27 | — |
| Drupal | Drupal | 7.28 | — |
| Drupal | Drupal | 7.29 | — |
| Drupal | Drupal | 7.30 | — |
| Drupal | Drupal | 7.33 | — |
| Drupal | Drupal | 7.34 | — |
| Drupal | Drupal | 7.35 | — |
| Drupal | Drupal | 7.36 | — |
| Drupal | Drupal | 7.37 | — |
| Drupal | Drupal | 7.38 | — |
| Drupal | Drupal | 7.x-dev | — |
| Chaos Tool Suite Project | Ctools | 6.x-1.0 | — |
| Chaos Tool Suite Project | Ctools | 6.x-1.1 | — |
| Chaos Tool Suite Project | Ctools | 6.x-1.2 | — |
| Chaos Tool Suite Project | Ctools | 6.x-1.3 | — |
| Chaos Tool Suite Project | Ctools | 6.x-1.4 | — |
| Chaos Tool Suite Project | Ctools | 6.x-1.5 | — |
| Chaos Tool Suite Project | Ctools | 6.x-1.6 | — |
| Chaos Tool Suite Project | Ctools | 6.x-1.7 | — |
| Chaos Tool Suite Project | Ctools | 6.x-1.8 | — |
Showing 50 of 55 affected configurations. See NVD for the full list.
References
- https://www.drupal.org/SA-CORE-2015-003Patch, Vendor Advisory
- https://www.drupal.org/node/2554145Patch, Vendor Advisory
- https://www.drupal.org/SA-CORE-2015-003Patch, Vendor Advisory
- https://www.drupal.org/node/2554145Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-6665?
How severe is CVE-2015-6665?
How do I fix CVE-2015-6665?
Are you affected by CVE-2015-6665?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST