174 matches found
CVE-2015-4378
Cross-site scripting XSS vulnerability in the Crumbs module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "Administer Crumbs" permission to inject arbitrary web script or HTML via a custom breadcrumb separator...
Restricted blog post visible in the month summary page
Steps to reproduce: 1. create a new blog post, and restrict it to yourself 2. log in as another user and go to Blogs in sidebar 3. blog is not visible in the blogs summary page 4. click a visible blog in the same month 5. click the month link in the breadcrumb 5. restricted blog title and excerpt...
Restricted blog post visible in the month summary page
Steps to reproduce: 1. create a new blog post, and restrict it to yourself 2. log in as another user and go to Blogs in sidebar 3. blog is not visible in the blogs summary page 4. click a visible blog in the same month 5. click the month link in the breadcrumb 5. restricted blog title and excerpt...
Restricted blog post visible in the month summary page
Steps to reproduce: 1. create a new blog post, and restrict it to yourself 2. log in as another user and go to Blogs in sidebar 3. blog is not visible in the blogs summary page 4. click a visible blog in the same month 5. click the month link in the breadcrumb 5. restricted blog title and excerpt...
CVE-2014-7850
Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...
DEBIAN-CVE-2014-7850
Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...
CVE-2014-7850
Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...
CVE-2014-7850
Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...
Cross site scripting
Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...
UBUNTU-CVE-2014-7850
Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...
CVE-2014-7850
Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...
CVE-2014-7850
Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...
CVE-2014-4505
Cross-site scripting XSS vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-4505
Cross-site scripting XSS vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-4505
The CVE-2014-4505 entry applies to the Drupal contributed module Easy Breadcrumb (7.x-2.x) prior to 7.x-2.10. Root cause: the module does not properly sanitize user-supplied values, enabling cross-site scripting (XSS). Impact: remote attackers could inject arbitrary script/HTML via unspecified ve...
SA-CONTRIB-2014-063 - Easy Breadcrumb - Cross Site Scripting (XSS)
The Easy Breadcrumb module generates breadcrumbs from path aliases. This module does not properly sanitize user-supplied values creating a Cross Site Scripting XSS vulnerability. CVE identifiers issued CVE-2014-4505 Versions affected Easy breadcrumbs 7.x-2.x versions prior to 7.x-2.10. Drupal cor...
CVE-2012-2705
The filtertitles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting XSS attacks via the title parameter...
Cross site scripting
The filtertitles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting XSS attacks via the title parameter...
CVE-2012-2705
The filtertitles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting XSS attacks via the title parameter...