2 matches found
CVE-2013-4174
Multiple cross-site scripting XSS vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the 1 flashuri, 2 flashwidth, or 3 flashheight in the scaldflashscaldprerender function in...
SA-CONTRIB-2013-060 - Scald - Cross Site Scripting (XSS)
This module enables you to handle media assets atoms in Drupal with a Views-based library, drag and drop interface and manage content attribution/licensing/distribution. The module doesn't sufficiently filter atom properties such as the atom title when outputting atoms, thereby exposing a Cross...