3 matches found
CVE-2014-8376
Cross-site scripting XSS vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context...
CVE-2014-8376
Cross-site scripting XSS vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context...
CVE-2014-8376
The CVE-2014-8376 entry applies to the Drupal Site Banner module (7.x) prior to 7.x-4.1. Affected component is the context administration sub-panel; the root cause is insufficient sanitization of existing context settings, exposing a Cross-Site Scripting (XSS) vulnerability. Remote authenticated ...