EUVD-2013-0289

Malware in sbrugna...

Cross site scripting

Cross-site scripting XSS vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter...

CVE-2013-0259

Cross-site scripting XSS vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter...

CVE-2013-0259

The CVE-2013-0259 entry concerns Drupal’s contributed Boxes module (7.x-1.x) with versions prior to 7.x-1.1. The vulnerability is Cross-site scripting (XSS) that enables remote authenticated users who have administer or edit boxes permissions to inject arbitrary web script or HTML via the subject...

Drupal Boxes Module 'subject'字段HTML注入漏洞

Bugtraq ID:57642 Drupal是一款流行的内容管理系统。 Drupal Boxes模块不正确对"subject"字段进行HTML转义，允许攻击者利用漏洞进行跨站脚本攻击，可获得敏感信息或劫持用户会话。 0 Drupal Boxes Module 7.x 厂商解决方案 Drupal Boxes Module 7.x-1.1已经修复此漏洞，建议用户下载使用： http://drupal.org/node/1897016...

SA-CONTRIB-2013-013 - Boxes - Cross site scripting (XSS)

The subject field for the included simple box doesn't escape HTML properly. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to administer/edit boxes. Wikipedia has more information about cross site scripting XSS. CVE identifiers issued CVE-2013-02...