CVE-2016-7571: Cross-site Scripting in HTTP exceptions

October 3, 2016 (updated October 4, 2016)

An attacker can create a specially crafted url, which can execute arbitrary code in the victim’s browser if loaded. Drupal is not properly sanitizing an exception.

References

www.drupal.org/SA-CORE-2016-004

Code Behaviors & Features

Detect and mitigate CVE-2016-7571 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →