3 matches found
CVE-2013-0227
Cross-site scripting XSS vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels...
CVE-2013-0227
Cross-site scripting XSS vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels...
CVE-2013-0227
The CVE-2013-0227 entry involves Drupal's Search API Sorts module (7.x-1.x) with a XSS vulnerability caused by insufficient filtering of user-entered text in field labels. Affects Drupal 7.x, versions prior to 7.x-1.4. Impact: remote authenticated users with certain roles can inject arbitrary Jav...