35 matches found
CVE-2025-31695 Link field display mode formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-024
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting XSS.This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0...
PT-2025-13866 · Unknown · Rapidoc Oas Field Formatter
Name of the Vulnerable Software and Affected Versions: RapiDoc OAS Field Formatter versions 0.0.0 through 1.0.0 Description: The issue affects the RapiDoc OAS Field Formatter, allowing Cross-Site Scripting XSS due to improper neutralization of input during web page generation. Recommendations: Fo...
Drupal RapiDoc OAS Field Formatter 跨站脚本漏洞
Drupal RapiDoc OAS Field Formatter is a Drupal community field formatter for Drupal. A cross-site scripting vulnerability exists in Drupal RapiDoc OAS Field Formatter versions prior to 1.0.1, which stems from improper input neutralization and could lead to a cross-site scripting attack...
DRUPAL-CONTRIB-2025-025
This module can be used to render Open API Documentation using the RapiDoc library. The module provides a custom formatter for link fields. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site Scripting vulnerability XSS. A separate fix for Drupal cor...
Drupal RapiDoc OAS Field Formatter module < 1.0.1 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS vulnerability discovered by Joseph Zhao pandaski in WordPress Module RapiDoc OAS Field Formatter versions 1.0.1...
SUSE CVE-2018-3830
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting XSS vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...
kibana: Cross-site scripting via the source field formatter
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting XSS vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...
CVE-2018-3830
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting XSS vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...
CVE-2018-3830
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting XSS vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...
CVE-2018-3830
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting XSS vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...
CVE-2018-3830
Kibana CVE-2018-3830 is a cross-site scripting (XSS) vulnerability in the source field formatter affecting Kibana versions 5.3.0 through 6.4.1. The issue allows an attacker to obtain sensitive information from or perform actions on behalf of other Kibana users. Remediation provided by the linked ...
Elastic Stack 6.4.1 and 5.6.12 security update
Kibana XSS issue ESA-2018-14 Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting XSS vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. Affected Versions Versions afte...
PT-2018-16224 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana versions 5.3.0 through 6.4.1 Description: A cross-site scripting XSS issue was found in the source field formatter, allowing an attacker to obtain sensitive information or perform actions on behalf of other users. Recommendations: For...
CVE-2015-3385
Cross-site scripting XSS vulnerability in the Taxonomy Path module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link to path" field formatter...
Code injection
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors...