4 matches found
CVE-2013-0325
Multiple cross-site scripting XSS vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a 1 Watchdog message or 2 admin setting...
CVE-2013-0325
The vulnerability CVE-2013-0325 affects the Varnish module for Drupal (versions 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2). The underlying issue is cross-site scripting (XSS) via user-supplied data in module configuration (two vectors: a Watchdog message and an admin setting). Impac...
CVE-2013-0325
Multiple cross-site scripting XSS vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a 1 Watchdog message or 2 admin setting...
SA-CONTRIB-2013-023 - Varnish module - Cross Site Scripting (XSS)
This module provides integration between your Drupal site and the Varnish HTTP Accelerator, an advanced and very fast reverse-proxy system. The module doesn't sufficiently filter user-supplied text provided in the configuration settings. This vulnerability is mitigated by the fact that an attacke...