CVE-2015-2197
03.03.2015, 19:59
Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
Vendor | Product | Version |
---|---|---|
entity_api_project | entity_api | 𝑥 ≤ 7.x-1.5 |
𝑥
= Vulnerable software versions