CVE-2015-7306

The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration pages" permission...

Drupal CMS Updater Module Cross-Site Scripting Vulnerability

Drupal is a free and open source content management system developed in PHP.CMS Updater module for Drupal is a module for Drupal that provides security protection for Drupal websites. A cross-site scripting vulnerability in the Drupal CMS Updater module 7.x-1.3 prior to version 7.x-1.x allows...