Cross-site Scripting Vulnerability in Term Merge Module for Drupal
CVE-2015-3360

Currently unrated

Key Information:

Vendor: Term Merge Project
Status: Term Merge
Vendor: CVE Published:; 21 April 2015

🔔 Create Term Merge Project Vulnerability Alert

What is CVE-2015-3360?

The Term Merge module for Drupal, prior to version 7.x-1.2, contains a Cross-site Scripting (XSS) vulnerability. This flaw allows remote authenticated users to inject arbitrary web scripts or HTML into affected Drupal sites through unspecified vectors. If exploited, this vulnerability could lead to unauthorized actions and data exposure, highlighting the need for careful validation and sanitization of user input.

References

http://www.securityfocus.com/bid/72113

vdb-entryx_refsource_BID

https://www.drupal.org/node/2407315

x_refsource_MISC

https://www.drupal.org/node/2406869

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2015
Vulnerability Reserved
Apr 21, 2015

CVE-2015-3360 Data

JSON