3 matches found
CVE-2014-8378
Cross-site scripting XSS vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to the field help text in an entity edit form...
CVE-2014-8378
CVE-2014-8378 affects the Drupal contributed TableField module (7.x-2.x) prior to 7.x-2.3. The vulnerability is a cross-site scripting (XSS) flaw where remote authenticated users with the permissions to administer content types or administer taxonomy can inject arbitrary web script or HTML via th...
SA-CONTRIB-2014-077 - TableField - Cross Site Scripting (XSS)
This module enables you to create a field attached to a entity which stores tabular data. The module doesn't sufficiently sanitize the field help text when presented to a privileged user. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...