5 matches found
SA-CONTRIB 2010-075 - Tagging - Cross Site Scripting
The Tagging module provides an alternative input widget and other features for taxonomy terms. The module does not properly escape user-provided content submitted to free-tagging vocabularies displayed on node previews, leading to a Cross Site Scripting XSS vulnerability. Any user with permission...
CVE-2007-1028
Cross-site scripting XSS vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element...
Cross site scripting
Cross-site scripting XSS vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element...
CVE-2007-1028
Cross-site scripting XSS vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element...
CVE-2007-1028
CVE-2007-1028 is an XSS vulnerability in the Drupal module Barry Jaspan Image Pager (versions 4.7.x-1.x-dev and 5.x-1.x-dev prior to 2007-02-08). Remote attackers can inject arbitrary web script or HTML via vectors related to HTML entities and the IMG element. The exact exploitation vectors are n...