CVE-2013-0319
The CVE concerns the Drupal Yandex.Metrics module. Affected: Yandex.Metrics 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5. Root cause: the module does not sufficiently escape Yandex.Metrica service data when displayed, enabling XSS via that data. Impact: remote attackers could inject arbitrar...