CVE-2015-2197

Cross-site scripting XSS vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API...

CVE-2015-2197

Cross-site scripting XSS vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API...

CVE-2015-2197

CVE-2015-2197 affects Drupal’s Entity API module (7.x-1.x) before 7.x-1.6. The vulnerability is an XSS via field labels exposed through the Token API, caused by insufficient sanitization of user-supplied input. Impact: remote authenticated users can inject arbitrary script/HTML. Mitigation: upgra...

CVE-2015-2197

Cross-site scripting XSS vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API...

SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting (XSS)

The Entity API module extends the entity API of Drupal core in order to provide a unified way to deal with entities and their properties. The module doesn't sufficiently sanitize field labels when exposing them through the Token API thereby exposing a Cross Site Scripting XSS vulnerability. This...