2 matches found
CVE-2013-4383
CVE-2013-4383 describes a cross-site scripting (XSS) vulnerability in the jQuery Countdown module for Drupal (7.x-1.x). The root cause is insufficient sanitization of settings, allowing a user with the access administration pages permission to inject arbitrary script or HTML into a page via unspe...
SA-CONTRIB-2013-076 - jQuery Countdown - Cross Site Scripting (XSS)
This jQuery Countdown Module enables you to display a countdown block based upon date settings. The jQuery Countdown Module does not properly sanitize the settings, allowing a malicious user to embed scripts within a page, resulting in a Cross-site Scripting XSS vulnerability. This vulnerability ...