Cross-Site Scripting Vulnerability in Drupal's Navigate Module
CVE-2015-5500

Currently unrated

Key Information:

Vendor: Navigate Project
Status: Navigate
Vendor: CVE Published:; 18 August 2015

🔔 Create Navigate Project Vulnerability Alert

What is CVE-2015-5500?

A Cross-site scripting (XSS) vulnerability exists in the Navigate module for Drupal. This flaw allows remote authenticated users with specific permissions to inject arbitrary web scripts or HTML into the system. Exploitation of this vulnerability could lead to unauthorized actions or data exposure, as the injected scripts may be executed in the context of other users' sessions. Users are encouraged to review their permissions and apply recommended security updates to mitigate potential risks.

References

https://www.drupal.org/node/2492245

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2015/07/04/4

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2015
Vulnerability Reserved
Jul 10, 2015

CVE-2015-5500 Data

JSON