3 matches found
CVE-2014-8319
Cross-site scripting XSS vulnerability in the easysocialadminsummary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title...
CVE-2014-8319
CVE-2014-8319 describes a cross-site scripting (XSS) vulnerability in the Drupal Easy Social module (version 7.x-2.x prior to 7.x-2.11). The issue arises from insufficient validation of block titles when users create a custom block via the module’s admin interface, allowing remote authenticated u...
SA-CONTRIB-2014-019 - Easy Social - Cross Site Scripting (XSS)
This module enables you to add social sharing widgets to your content and pages. The module doesn't sufficiently validate block titles when a user creates a custom block from within the module's admin interface. This vulnerability is mitigated by the fact that an attacker must have a role with th...