CVE-2014-1611

Cross-site scripting XSS vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field...

Cross site scripting

Cross-site scripting XSS vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field...

CVE-2014-1611

CVE-2014-1611 affects Drupal’s Anonymous Posting module (7.x-1.2 and 7.x-1.3). The vulnerability stems from insufficient sanitization of the name field when anonymous users submit content, allowing remote attackers to inject arbitrary JavaScript/HTML via the contact name. Drupal core is not affec...

SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)

This module allows anonymous users to fill in their contact information name, email and homepage when posting any content type including Forum Topics. This allows the submitted name to be shown instead of the usual anonymous string provided by Drupal core. The module doesn't properly sanitize the...

News Server (NNTP) Anonymous Read / Write Access

The remote server seems open to remote users. Some people prefer open public NNTP servers to be able to read or post articles anonymously. Unwanted connections could waste your bandwidth or put you into legal trouble if a malicious person were to use your server to post abusive articles. Keep in...