2 matches found
Drupal Autocomplete Deluxe Module Cross-Site Scripting Vulnerability
Drupal is the Drupal community maintained by a set of free , open source content management system developed in PHP language . Autocomplete Deluxe is one of the modules based on the JQuery UI autocomplete for the classification field to create a new widget . A cross-site scripting vulnerability...
Autocomplete Deluxe - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-003
This module creates a new widget for taxonomy fields based on JQuery UI autocomplete. The module doesn't sufficiently escape the entered taxonomy terms thereby exposing a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have the permission ...