4 matches found
EUVD-2026-43055
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...
EUVD-2026-43056
Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...
CVE-2026-13232
CVE-2026-13232 affects Drupal Advanced Content Feedback (admin_feedback) versions 0.0.0–2.8.0. The root cause is insufficient authorization verification when processing a comment submission, leading to an Insecure Direct Object Reference/forceful browsing-style access bypass of targeted feedback ...
CVE-2026-13231
CVE-2026-13231 affects Drupal Advanced Content Feedback (admin_feedback) versions 0.0.0 through 2.8.0. The issue is improper neutralization of input during web page generation, enabling Stored XSS when administrator-configured response messages contain HTML or script markup that is emitted to vis...