27 matches found
CVE-2025-14556 XSS in Drupal 7 Flag Module
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS). This issue affects Flag: from 7.X-3.0 through 7.X-3.9...
CVE-2025-14556
CVE-2025-14556 is an XSS in the Drupal Flag module. Affected: Drupal Flag versions 7.X-3.0 through 7.X-3.9. Root cause: improper neutralization of input during web page generation. Impact: Cross-Site Scripting (XSS) vulnerability; attacker could inject scripts when users view pages. Exploitatio...
EUVD-2013-5794
Malware in sbrugna...
EUVD-2014-3465
Malware in sbrugna...
EUVD-2025-11964
Malicious code in bioql PyPI...
CVE-2025-46595
An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module that allows flags to be added to nodes, comments, users, and any other type of entity. It doesn't verify flag links before performing the flag action, or verify that the response returned was provid...
CVE-2025-46595
The CVE affects Backdrop CMS, specifically the Flag module versions prior to 1.x-3.6.2. The root cause is that the module does not verify flag links before performing the flag action, nor verify that the response comes from the flag module, allowing crafted HTML to trigger Cross Site Scripting. P...
PT-2025-17873 · Backdrop Cms · Flag
Name of the Vulnerable Software and Affected Versions: Backdrop CMS Flag module versions prior to 1.x-3.6.2 Description: A Cross-Site Scripting issue was discovered in the Flag module for Backdrop CMS. The module does not verify flag links before performing the flag action, or verify that the...
CVE-2021-33320
The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with...
Drupal Flag Module Security Bypass Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A security bypass vulnerability exists in the Drupal Flag module, which allows attackers to bypass security restrictions and perform unauthorized operations...
Flag - Moderately Critical - Access Bypass - SA-CONTRIB-2016-050
Flag enables users to mark content with any number of admin-defined flags, such as 'bookmarks' or 'spam'. Flag Bookmark is a submodule within Flag, which provides a 'bookmarks' flag, and default views to list bookmarked content. The provided view that lists each user's bookmarked content as a tab...
CVE-2014-3453
Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import...
Design/Logic Flaw
Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import...
CVE-2014-3453
CVE-2014-3453 affects the Drupal Flag module (flag import) where the eval injection occurs in flag_import_form_validate inside includes/flag.export.inc for Drupal 7.x-3.0, 7.x-3.5 and earlier. This enables remote code execution via the Flag import code text area (admin/structure/flags/import) for...
[oss-security] CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer
Good morning, Could a CVE please be assigned to http://seclists.org/fulldisclosure/2014/May/44 if one has not been already? Apart from version 7, drupal6-flag-2.1-1.fc20 looks affected - patch applies, but I did not test it. For an older version, drupal6-flag-1.3-3.fc19 appears unaffected. Cheers...
CVE-2013-5964
Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title...