{"id":"CVE-2016-7571","details":"Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.","aliases":["GHSA-vhg8-x858-7wq6"],"modified":"2026-04-10T03:53:21.618791Z","published":"2016-10-03T18:59:16.780Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/93101"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1036886"},{"type":"ADVISORY","url":"https://www.drupal.org/SA-CORE-2016-004"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/drupal/drupal","events":[{"introduced":"0"},{"last_affected":"35c2f3ca5c935f3d8bde15932a712677c9bbd50f"},{"introduced":"0"},{"last_affected":"9b7ead2e45935bc1dadfe74490b8cbefa54f433a"},{"introduced":"0"},{"last_affected":"305b2f38da238705a10e543994808ce29dbdbbc0"},{"introduced":"0"},{"last_affected":"64de978a08663904ba8231f20d2f26c8f5a135e8"},{"introduced":"0"},{"last_affected":"70378b5c5dd7c99f56f7e3f36cffcd33d46644c6"},{"introduced":"0"},{"last_affected":"598ccc572506256a13c6b3eb978b348f0dee3c6b"},{"introduced":"0"},{"last_affected":"48786c6ee658f4ef4275962331d406ab186dd6f0"},{"introduced":"0"},{"last_affected":"fc345ab700c4d00eb5d1f5000700bc534feb49c6"},{"introduced":"0"},{"last_affected":"c3f5245f1c98a8a1cf119c977db05488e0a32074"},{"introduced":"0"},{"last_affected":"c24c1c7694c3970213e758a7198bc4e4a9c485f8"},{"introduced":"0"},{"last_affected":"5249c53ef0c3a715bc46bb568c91470ed0374996"},{"introduced":"0"},{"last_affected":"19b32a3ab40e8c89495ee260e46a5e8375ad3756"},{"introduced":"0"},{"last_affected":"15ddad3bf498b0e8bdfe7724e1dbaf653c2d7885"},{"introduced":"0"},{"last_affected":"e15ebedc4c6afdab87c1ffd7cb1f5ca462aafe87"},{"introduced":"0"},{"last_affected":"5bf651dabf88766a588adf3c34a7ee2fa1ab4016"},{"introduced":"0"},{"last_affected":"09dbe27efa2b6f255b804168711166bd3f8b6d4e"},{"introduced":"0"},{"last_affected":"079a52b45df32b8aa82d1eb0c57bd97d1e065f57"},{"introduced":"0"},{"last_affected":"b7390caeeec23886c4b8d91f8952c35c034cd41f"},{"introduced":"0"},{"last_affected":"f1def1199d3e73144d8931b30ebef7d2d82526cb"},{"introduced":"0"},{"last_affected":"4f05b98429b58c93fec1a8222956851f03a6c4ac"},{"introduced":"0"},{"last_affected":"260d019e286d36f7d2b4fb5b3d62723a9ee81840"},{"introduced":"0"},{"last_affected":"2d64433829033660b87a1a1d054b3899a18addba"},{"introduced":"0"},{"last_affected":"647bfab79e6ee1fddb339c50152315e479d4fe8f"},{"introduced":"0"},{"last_affected":"3f7404935955cd2a63023e77a07c4231ad5ff62a"},{"introduced":"0"},{"last_affected":"f25feddd5ca56e6155e26e52667ab4fef87bb19d"},{"introduced":"0"},{"last_affected":"d918ae1ecc4e0fb86ae9296da1a39f02bd36cde4"},{"introduced":"0"},{"last_affected":"766daeb0449588db7207606c22bcf7b59d1f6f9b"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"13692d3b92b2d4ddd93b0ddf0a4c4d97b37e68a8"},{"introduced":"0"},{"last_affected":"5a19562de5b1a8a056bc33c467d806073c4ac085"},{"introduced":"0"},{"last_affected":"2b08ba7c1c7afb76c1e3d54e533ab631c5a0ba67"},{"introduced":"0"},{"last_affected":"c0d600fe2ce507f28e91acc51d7f63be28521536"},{"introduced":"0"},{"last_affected":"6204be67bb3c1a0b64991770c27b62dbadb15007"},{"introduced":"0"},{"last_affected":"a87557fde744444c0f7f5344d4f82b721a65717e"},{"introduced":"0"},{"last_affected":"32801642fc1bc9f4a9942ce90e9b3669e74d16b3"},{"introduced":"0"},{"last_affected":"8bd13242c06ad307c72500b17c38cf325de424a0"},{"introduced":"0"},{"last_affected":"b101f904648a70822b87427007b6228c3824e0ae"},{"introduced":"0"},{"last_affected":"5e60a2770329300866319aac1ab465159688d319"},{"introduced":"0"},{"last_affected":"30115b418e854f4df5b94a1667d3ade55cfb9471"},{"introduced":"0"},{"last_affected":"1db8df63020cb020ed13a9793669f6e435f64334"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.0.0"},{"introduced":"0"},{"last_affected":"8.0.0-alpha14"},{"introduced":"0"},{"last_affected":"8.0.0-alpha15"},{"introduced":"0"},{"last_affected":"8.0.0-beta1"},{"introduced":"0"},{"last_affected":"8.0.0-beta10"},{"introduced":"0"},{"last_affected":"8.0.0-beta11"},{"introduced":"0"},{"last_affected":"8.0.0-beta12"},{"introduced":"0"},{"last_affected":"8.0.0-beta13"},{"introduced":"0"},{"last_affected":"8.0.0-beta14"},{"introduced":"0"},{"last_affected":"8.0.0-beta15"},{"introduced":"0"},{"last_affected":"8.0.0-beta16"},{"introduced":"0"},{"last_affected":"8.0.0-beta2"},{"introduced":"0"},{"last_affected":"8.0.0-beta3"},{"introduced":"0"},{"last_affected":"8.0.0-beta4"},{"introduced":"0"},{"last_affected":"8.0.0-beta6"},{"introduced":"0"},{"last_affected":"8.0.0-beta7"},{"introduced":"0"},{"last_affected":"8.0.0-beta9"},{"introduced":"0"},{"last_affected":"8.0.0-rc1"},{"introduced":"0"},{"last_affected":"8.0.0-rc2"},{"introduced":"0"},{"last_affected":"8.0.0-rc3"},{"introduced":"0"},{"last_affected":"8.0.0-rc4"},{"introduced":"0"},{"last_affected":"8.0.1"},{"introduced":"0"},{"last_affected":"8.0.2"},{"introduced":"0"},{"last_affected":"8.0.3"},{"introduced":"0"},{"last_affected":"8.0.4"},{"introduced":"0"},{"last_affected":"8.0.5"},{"introduced":"0"},{"last_affected":"8.0.6"},{"introduced":"0"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.1.0-beta1"},{"introduced":"0"},{"last_affected":"8.1.0-beta2"},{"introduced":"0"},{"last_affected":"8.1.0-rc1"},{"introduced":"0"},{"last_affected":"8.1.1"},{"introduced":"0"},{"last_affected":"8.1.2"},{"introduced":"0"},{"last_affected":"8.1.3"},{"introduced":"0"},{"last_affected":"8.1.4"},{"introduced":"0"},{"last_affected":"8.1.5"},{"introduced":"0"},{"last_affected":"8.1.6"},{"introduced":"0"},{"last_affected":"8.1.7"},{"introduced":"0"},{"last_affected":"8.1.8"},{"introduced":"0"},{"last_affected":"8.1.9"}]}}],"versions":["1.0","2.0","3.0.1","5.0-beta-1","5.0-beta-2","5.0-rc-1","5.0-rc-2","6.0-beta-1","6.0-beta-2","6.0-beta-3","6.0-beta-4","6.0-rc-1","6.0-rc-2","6.0-rc-3","7.0","7.0-alpha1","7.0-alpha2","7.0-alpha3","7.0-alpha4","7.0-alpha5","7.0-alpha6","7.0-alpha7","7.0-beta1","7.0-beta2","7.0-beta3","7.0-rc-1","7.0-rc-2","7.0-rc-3","7.0-rc-4","7.0-unstable-1","7.0-unstable-10","7.0-unstable-2","7.0-unstable-3","7.0-unstable-4","7.0-unstable-5","7.0-unstable-6","7.0-unstable-7","8.0-alpha10","8.0-alpha11","8.0-alpha12","8.0-alpha13","8.0-alpha2","8.0-alpha3","8.0-alpha4","8.0-alpha5","8.0-alpha6","8.0-alpha7","8.0-alpha8","8.0-alpha9","8.0.0","8.0.0-alpha14","8.0.0-alpha15","8.0.0-beta1","8.0.0-beta10","8.0.0-beta11","8.0.0-beta12","8.0.0-beta13","8.0.0-beta14","8.0.0-beta15","8.0.0-beta16","8.0.0-beta2","8.0.0-beta3","8.0.0-beta4","8.0.0-beta5","8.0.0-beta6","8.0.0-beta7","8.0.0-beta9","8.0.0-rc1","8.0.0-rc2","8.0.0-rc3","8.0.0-rc4","8.0.1","8.0.2","8.0.3","8.0.4","8.0.5","8.0.6","8.1.0","8.1.0-beta1","8.1.0-beta2","8.1.0-rc1","8.1.1","8.1.2","8.1.3","8.1.4","8.1.5","8.1.6","8.1.7","8.1.8","8.1.9","start"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7571.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha10"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha11"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha12"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha13"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha3"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha5"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha6"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha8"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha9"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}