2 matches found
CVE-2014-4506
Cross-site scripting XSS vulnerability in the Custom Meta module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer custom meta settings" permission to inject arbitrary web script or HTML via the 1 attribute or 2 content value for a...
SA-CONTRIB-2014-065 - Custom Meta - Cross Site Scripting (XSS)
The module allows you to define and manage custom meta tags. The module does not sufficiently sanitize user input before displaying the attribute and content values for meta tags on the administration page. This vulnerability is mitigated by the fact that an attacker must have access to an accoun...