12 matches found
EUVD-2014-8161
Malware in sbrugna...
EUVD-2014-7720
Malware in sbrugna...
EUVD-2014-8576
Malware in sbrugna...
CVE-2014-7870
Cross-site scripting XSS vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via the "Label text" field to...
CVE-2014-8320
Cross-site scripting XSS vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the "Label text" field to the results configuration page...
CVE-2014-8320
The CVE-2014-8320 entry concerns Drupal's Custom Search module (6.x-1.x prior to 6.x-1.12 and 7.x-1.x prior to 7.x-1.14). The vulnerability is an XSS flaw where remote authenticated users with certain permissions can inject arbitrary web script or HTML via the "Label text" field on the results co...
CVE-2014-8320
Cross-site scripting XSS vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the "Label text" field to the results configuration page...
CVE-2014-8745
Cross-site scripting XSS vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label...
Cross site scripting
Cross-site scripting XSS vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label...
CVE-2014-8745
The CVE-2014-8745 issue affects Drupal via the contributed Custom Search module (versions 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15). The root cause is an unsanitized taxonomy vocabulary label displayed by the module, enabling Cross-Site Scripting (XSS). Exploitation requires remote aut...
CVE-2014-7870
Cross-site scripting XSS vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via the "Label text" field to...
CVE-2014-7870
CVE-2014-7870 is a Drupal XSS vulnerability in the Custom Search module. Affected: Custom Search 6.x-1.x < 6.x-1.12 and 7.x-1.x