Unrated severityNVD Advisory· Published Apr 21, 2015· Updated Jun 17, 2026
CVE-2015-3368
CVE-2015-3368
Description
Cross-site scripting (XSS) vulnerability in the administration user interface in the Classified Ads module before 6.x-3.1 and 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a category name.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: <6.x-3.1 || >=7.x-3.0,<7.x-3.1
cpe:2.3:a:osinet:classified_ads:7.x-3.1:beta2:*:*:*:drupal:*:*+ 1 more
- cpe:2.3:a:osinet:classified_ads:7.x-3.1:beta2:*:*:*:drupal:*:*
- cpe:2.3:a:osinet:classified_ads:*:beta2:*:*:*:drupal:*:*range: <=6.x-3.1
- Range: <6.x-3.1, <7.x-3.1
Patches
Vulnerability mechanics
References
5- www.drupal.org/node/2407783nvdPatch
- www.drupal.org/node/2407785nvdPatch
- www.drupal.org/node/2411527nvdPatchVendor Advisory
- www.openwall.com/lists/oss-security/2015/01/29/6nvd
- www.securityfocus.com/bid/74267nvd
News mentions
0No linked articles in our index yet.