Unrated severityNVD Advisory· Published Jun 15, 2015· Updated May 6, 2026

CVE-2015-4386

Description

Multiple cross-site scripting (XSS) vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML via unknown vectors involving creating or editing (1) comments, (2) taxonomy terms, or (3) nodes.

Affected products

Entitybulkdelete Project/Entitybulkdelete
cpe:2.3:a:entitybulkdelete_project:entitybulkdelete:7.x-1.0:*:*:*:*:drupal:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.drupal.org/node/2463049nvdPatch
www.drupal.org/node/2463831nvdPatchVendor Advisory
www.openwall.com/lists/oss-security/2015/04/25/6nvd
www.securityfocus.com/bid/74347nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000