Medium severity6.1NVD Advisory· Published Oct 3, 2017· Updated Jun 17, 2026
CVE-2015-7980
CVE-2015-7980
Description
Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- cpe:2.3:a:compass_rose_project:compass_rose:6.x-1.0:*:*:*:*:drupal:*:*
- Range: 6.x-1.x before 6.x-1.1
Patches
Vulnerability mechanics
References
5- www.drupal.org/node/2545132nvdPatchVendor Advisory
- www.drupal.org/node/2546174nvdPatchVendor Advisory
- www.openwall.com/lists/oss-security/2015/10/24/4nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2015/10/26/2nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/76247nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.