Vulnerability Details CVE-2015-5507
Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2015/07/04/4
- http://www.securityfocus.com/bid/75283
- https://www.drupal.org/node/2507593
- https://www.drupal.org/node/2507605
- http://www.openwall.com/lists/oss-security/2015/07/04/4
- http://www.securityfocus.com/bid/75283
- https://www.drupal.org/node/2507593
- https://www.drupal.org/node/2507605
Products affected by CVE-2015-5507
-
cpe:2.3:a:inline_entity_form_project:inline_entity_form:7.x-1.0
-
cpe:2.3:a:inline_entity_form_project:inline_entity_form:7.x-1.1
-
cpe:2.3:a:inline_entity_form_project:inline_entity_form:7.x-1.2
-
cpe:2.3:a:inline_entity_form_project:inline_entity_form:7.x-1.3
-
cpe:2.3:a:inline_entity_form_project:inline_entity_form:7.x-1.4
-
cpe:2.3:a:inline_entity_form_project:inline_entity_form:7.x-1.5