3 matches found
CVE-2014-1611
Cross-site scripting XSS vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field...
CVE-2014-1611
CVE-2014-1611 affects Drupal’s Anonymous Posting module (7.x-1.2 and 7.x-1.3). The vulnerability stems from insufficient sanitization of the name field when anonymous users submit content, allowing remote attackers to inject arbitrary JavaScript/HTML via the contact name. Drupal core is not affec...
SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)
This module allows anonymous users to fill in their contact information name, email and homepage when posting any content type including Forum Topics. This allows the submitted name to be shown instead of the usual anonymous string provided by Drupal core. The module doesn't properly sanitize the...