3 matches found
[CVE-2014-1607.] Cross Site Scripting(XSS) in Drupal Event calendar module
Advisory ID: hag2014101 Product: EventCalendar Vendor: Drupal Vulnerable Versions: Drupal 7.14 and probably newer version Tested Version: Drupal 7.14 Advisory Publication: January 23, 2014 Vendor Notification: November 20, 2013 Public Disclosure: January 23, 2014 Vulnerability Type: Cross-Site...
CVE-2014-1607
Cross-site scripting XSS vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific. If so, then this CVE...
Drupal 7.14 EventCalendar Cross Site Scripting
Advisory ID: hag2014101 Product: EventCalendar Vendor: Drupal Vulnerable Versions: Drupal 7.14 and probably newer version Tested Version: Drupal 7.14 Advisory Publication: January 23, 2014 Vendor Notification: November 20, 2013 Public Disclosure: January 23, 2014 Vulnerability Type: Cross-Site...