CVE-2015-5507
18.08.2015, 18:00
Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors.
| Vendor | Product | Version |
|---|---|---|
| inline_entity_form_project | inline_entity_form | 7.x-1.0:x |
| inline_entity_form_project | inline_entity_form | 7.x-1.1:x |
| inline_entity_form_project | inline_entity_form | 7.x-1.2:x |
| inline_entity_form_project | inline_entity_form | 7.x-1.3:x |
| inline_entity_form_project | inline_entity_form | 7.x-1.4:x |
| inline_entity_form_project | inline_entity_form | 7.x-1.5:x |
𝑥
= Vulnerable software versions
References