2 matches found
CVE-2014-3933
The CVE-2014-3933 entry concerns Drupal's AddressField Tokens module (7.x-1.x) with a vulnerability in the address components field formatter that allows XSS by remote authenticated users. Affected versions are 7.x-1.x prior to 7.x-1.4. The root cause is improper filtering of address field values...
SA-CONTRIB-2014-052 - AddressField Tokens - Cross Site Scripting (XSS)
The AddressField Tokens module extends the addressfield module by adding token support. It also adds some convenient addressfield formatters and provides Webform addressfield integration. The module does not properly filter address field values, resulting in a Cross Site Scripting XSS vulnerabili...