Lucene search
K

4 matches found

NVD
NVD
added 2013/07/29 11:27 p.m.20 views

CVE-2013-4140

Cross-site scripting XSS vulnerability in the TinyBox Simple Splash module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors...

2.1CVSS5.3AI score0.01089EPSS
Exploits0References8
CVE
CVE
added 2013/07/29 10:0 p.m.40 views

CVE-2013-4140

The CVE-2013-4140 entry concerns the TinyBox (Simple Splash) Drupal module. Affected: TinyBox 7.x-2.x versions prior to 7.x-2.1. Root cause: the module does not filter user-supplied text before display, enabling a cross-site scripting (XSS) risk when a remote authenticated user with the https://d...

2.1CVSS5.4AI score0.01089EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2013/07/29 10:0 p.m.23 views

CVE-2013-4140

Cross-site scripting XSS vulnerability in the TinyBox Simple Splash module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors...

5.3AI score0.01089EPSS
Exploits0References8
Drupal
Drupal
added 2013/07/10 12:0 a.m.19 views

SA-CONTRIB-2013-057 - TinyBox - Cross Site Scripting (XSS)

TinyBox module uses TinyBox, a lightweight and standalone modal window script. The main purpose of this module is to provide Splash Screen/Window as simple as possible. The module doesn't filter user-supplied text prior to display. The vulnerability is mitigated by the fact that an attacker must...

2.1CVSS6.3AI score0.01089EPSS
Exploits0References11
Rows per page
Query Builder