2 matches found
Drupal Login one time 'Ajax Callback' module cross-site scripting vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. login one time is one of the modules used to send one-time login link emails to users. A cross-site scripting vulnerability exists in the Drupal Login one time module in versions 7.x-2...
Login one time - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-017
The Login one time module provides the ability to email one-time login links to users. The module doesn't sufficiently sanitize user input supplied to an ajax callback function. CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in accordance with Drupal Security...