A flaw was found in Drupal 7 and Drupal 8. A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit.
Created drupal7 tracking bugs for this issue:
Affects: epel-all [bug 1548197]
Affects: fedora-all [bug 1548198]
All dependent bugs have been closed. Can this tracking bug be closed as well?
In reply to comment #2:
> All dependent bugs have been closed. Can this tracking bug be closed as
drupal6-6.38-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.