CVE-2015-2197 in Entity Apiinfo

Summary

Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

03/03/2015

Disclosure

03/03/2015

Moderation

VulDB entry created

Entries

VDB-74341 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

3.5

EPSS

0.00209

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-2197
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-2197
CVE Details	https://www.cvedetails.com/cve/CVE-2015-2197/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!