2 matches found
CVE-2013-5964
Cross-site scripting XSS vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title...
CVE-2013-5964
The CVE-2013-5964 entry describes a Cross-site scripting (XSS) vulnerability in the Drupal Flag module (7.x-3.x) prior to 7.x-3.1. The issue occurs on the administration page where remote authenticated users with the Administer flags permission can inject arbitrary web script or HTML through the ...