Your submission was sent successfully! Close

CVE-2016-7571

Published: 3 October 2016

Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
drupal6
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist
(precise was needed)
trusty Does not exist

upstream Needs triage

xenial Does not exist

yakkety Does not exist

zesty Does not exist

drupal7
Launchpad, Ubuntu, Debian
artful Not vulnerable

precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was not-affected)
upstream Needs triage

xenial Not vulnerable

yakkety Ignored
(reached end-of-life)
zesty Not vulnerable