Vulnerability Details CVE-2015-6665
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html
- http://www.debian.org/security/2015/dsa-3346
- http://www.securityfocus.com/bid/76431
- http://www.securitytracker.com/id/1033358
- https://www.drupal.org/SA-CORE-2015-003
- https://www.drupal.org/node/2554133
- https://www.drupal.org/node/2554145
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html
- http://www.debian.org/security/2015/dsa-3346
- http://www.securityfocus.com/bid/76431
- http://www.securitytracker.com/id/1033358
- https://www.drupal.org/SA-CORE-2015-003
- https://www.drupal.org/node/2554133
- https://www.drupal.org/node/2554145
Products affected by CVE-2015-6665
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.1
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.11
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.12
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.13
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.2
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.3
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.4
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.5
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.6
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.7
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.8
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.9
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.x
-
cpe:2.3:a:drupal:drupal:7.0
-
cpe:2.3:a:drupal:drupal:7.1
-
cpe:2.3:a:drupal:drupal:7.10
-
cpe:2.3:a:drupal:drupal:7.11
-
cpe:2.3:a:drupal:drupal:7.12
-
cpe:2.3:a:drupal:drupal:7.13
-
cpe:2.3:a:drupal:drupal:7.14
-
cpe:2.3:a:drupal:drupal:7.15
-
cpe:2.3:a:drupal:drupal:7.16
-
cpe:2.3:a:drupal:drupal:7.17
-
cpe:2.3:a:drupal:drupal:7.18
-
cpe:2.3:a:drupal:drupal:7.19
-
cpe:2.3:a:drupal:drupal:7.2
-
cpe:2.3:a:drupal:drupal:7.20
-
cpe:2.3:a:drupal:drupal:7.21
-
cpe:2.3:a:drupal:drupal:7.22
-
cpe:2.3:a:drupal:drupal:7.23
-
cpe:2.3:a:drupal:drupal:7.24
-
cpe:2.3:a:drupal:drupal:7.25
-
cpe:2.3:a:drupal:drupal:7.26
-
cpe:2.3:a:drupal:drupal:7.27
-
cpe:2.3:a:drupal:drupal:7.28
-
cpe:2.3:a:drupal:drupal:7.29
-
cpe:2.3:a:drupal:drupal:7.3
-
cpe:2.3:a:drupal:drupal:7.30
-
cpe:2.3:a:drupal:drupal:7.33
-
cpe:2.3:a:drupal:drupal:7.34
-
cpe:2.3:a:drupal:drupal:7.35
-
cpe:2.3:a:drupal:drupal:7.36
-
cpe:2.3:a:drupal:drupal:7.37
-
cpe:2.3:a:drupal:drupal:7.38
-
cpe:2.3:a:drupal:drupal:7.4
-
cpe:2.3:a:drupal:drupal:7.5
-
cpe:2.3:a:drupal:drupal:7.6
-
cpe:2.3:a:drupal:drupal:7.7
-
cpe:2.3:a:drupal:drupal:7.8
-
cpe:2.3:a:drupal:drupal:7.9
-
cpe:2.3:a:drupal:drupal:7.x-dev
-
cpe:2.3:o:fedoraproject:fedora:21
-
cpe:2.3:o:fedoraproject:fedora:22
-
cpe:2.3:o:fedoraproject:fedora:23