VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 15, 2015· Updated May 6, 2026

CVE-2015-4387

CVE-2015-4387

Description

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a crafted username that is imported from an external source.

Affected products

22
  • Password Policy Project/Password Policy22 versions
    cpe:2.3:a:password_policy_project:password_policy:6.x-1.0:*:*:*:*:drupal:*:*+ 21 more
    • cpe:2.3:a:password_policy_project:password_policy:6.x-1.0:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:6.x-1.10:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:6.x-1.1:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:6.x-1.2:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:6.x-1.3:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:6.x-1.4:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:6.x-1.5:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:6.x-1.6:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:6.x-1.7:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:6.x-1.8:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:6.x-1.9:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:7.x-1.0:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:7.x-1.10:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:7.x-1.1:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:7.x-1.2:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:7.x-1.3:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:7.x-1.4:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:7.x-1.5:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:7.x-1.6:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:7.x-1.7:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:7.x-1.8:*:*:*:*:drupal:*:*
    • cpe:2.3:a:password_policy_project:password_policy:7.x-1.9:*:*:*:*:drupal:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.