2016-10-03 20:59:16 2016-10-04 19:54:29

Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE
Drupal Drupal 8.0.0 Alpha6 (not an official CPE) Drupal Drupal 8.0.0 Beta7 (not an official CPE) Drupal Drupal 8.0.0 Beta6 (not an official CPE) Drupal Drupal 8.0.0 Beta4 (not an official CPE) Drupal Drupal 8.0.0 Beta9 (not an official CPE) Drupal Drupal 8.0.0 Beta3 (not an official CPE) Drupal Drupal 8.0.0 Beta1 (not an official CPE) Drupal Drupal 8.0.0 Beta2 (not an official CPE) Drupal Drupal 8.1.0 Rc1 (not an official CPE) Drupal Drupal 8.0.6 (not an official CPE) Drupal Drupal 8.0.4 (not an official CPE) Drupal Drupal 8.0.0 Alpha5 (not an official CPE) Drupal Drupal 8.0.0 Alpha4 (not an official CPE) Drupal Drupal 8.0.0 Alpha3 (not an official CPE) Drupal Drupal 8.0.5 (not an official CPE) Drupal Drupal 8.0.0 Alpha2 (not an official CPE) Drupal Drupal 8.0.0 Alpha9 (not an official CPE) Drupal Drupal 8.0.0 Alpha8 (not an official CPE) Drupal Drupal 8.0.0 Alpha7 (not an official CPE) Drupal Drupal 8.1.1 (not an official CPE) Drupal Drupal 8.0.0 Alpha10 (not an official CPE) Drupal Drupal 8.0.0 Alpha11 (not an official CPE) Drupal Drupal 8.1.2 (not an official CPE) Drupal Drupal 8.0.0 Alpha12 (not an official CPE) Drupal Drupal 8.1.0 (not an official CPE) Drupal Drupal 8.1.0 Beta1 (not an official CPE) Drupal Drupal 8.0.0 Beta10 (not an official CPE) Drupal Drupal 8.1.0 Beta2 (not an official CPE) Drupal Drupal 8.1.9 (not an official CPE) Drupal Drupal 8.1.7 (not an official CPE) Drupal Drupal 8.0.0 Rc1 (not an official CPE) Drupal Drupal 8.1.5 (not an official CPE) Drupal Drupal 8.1.8 (not an official CPE) Drupal Drupal 8.0.0 Alpha13 (not an official CPE) Drupal Drupal 8.1.3 (not an official CPE) Drupal Drupal 8.0.0 Alpha14 (not an official CPE) Drupal Drupal 8.1.6 (not an official CPE) Drupal Drupal 8.0.0 Alpha15 (not an official CPE) Drupal Drupal 8.0.0 Rc4 (not an official CPE) Drupal Drupal 8.0.0 Rc3 (not an official CPE) Drupal Drupal 8.1.4 (not an official CPE) Drupal Drupal 8.0.0 Rc2 (not an official CPE) Drupal Drupal 8.0.0 Beta15 (not an official CPE) Drupal Drupal 8.0.0 Beta11 (not an official CPE) Drupal Drupal 8.0.0 Beta16 (not an official CPE) Drupal Drupal 8.0.0 Beta14 (not an official CPE) Drupal Drupal 8.0.0 Beta13 (not an official CPE) Drupal Drupal 8.0.0 Beta12 (not an official CPE) Drupal Drupal 8.0.2 (not an official CPE) Drupal Drupal 8.0.0 (not an official CPE) Drupal Drupal 8.0.3 (not an official CPE) Drupal Drupal 8.0.1 (not an official CPE)
Advisory Patch Confirmed Link
https://www.drupal.org/SA-CORE-2016-004
1036886
93101