Cross site scripting

2017-09-1117:29:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.1%

JSON

Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page.

CPENameOperatorVersion
stickynoteeq7.120.12
stickynoteeq7.120.11
stickynoteeq7.120.10
stickynoteeq7.0.0-x1-xdev

Name	Operator	Version
stickynote	eq	7.120.12
stickynote	eq	7.120.11
stickynote	eq	7.120.10
stickynote	eq	7.0.0-x1-xdev

References

www.openwall.com/lists/oss-security/2015/10/21/2

www.securityfocus.com/bid/77022

www.drupal.org/node/2581519

www.drupal.org/node/2581997