4 matches found
CVE-2014-8376
Cross-site scripting XSS vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context...
CVE-2014-8376
Cross-site scripting XSS vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context...
CVE-2014-8376
The CVE-2014-8376 entry applies to the Drupal Site Banner module (7.x) prior to 7.x-4.1. Affected component is the context administration sub-panel; the root cause is insufficient sanitization of existing context settings, exposing a Cross-Site Scripting (XSS) vulnerability. Remote authenticated ...
SA-CONTRIB-2014-081 - Site Banner - Cross Site Scripting (XSS)
The Site Banner module enables you to display a banner at the top and bottom of a Drupal site. This module incorrectly prints existing context settings without proper sanitization, opening a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must...