Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-5021

Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.

Related bugs and status

CVE-2014-5021 (Candidate) is related to these bugs:

Bug #1262813: multiple security issues in drupal7 package

Summary				In	Importance	Status
	1262813	multiple security issues in drupal7 package		drupal7 (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.drupal.org...
DEBIAN: DSA-2983