2 matches found
CVE-2014-8743
CVE-2014-8743 corresponds to XSS in the Drupal Maestro module (7.x-1.x) prior to 7.x-1.4. The root cause is improper filtering of Role or Organic Group names when shown in workflow details, allowing remote authenticated users with certain permissions to inject arbitrary script/HTML. Affected soft...
SA-CONTRIB-2014-021 - Maestro - Cross Site Scripting (XSS)
The Maestro module enables you to create complex workflows, automating business processes. The module doesn't sufficiently filter Role or Organic Group names when displaying them in the workflow details. This vulnerability is mitigated by the fact that an attacker must have a role with the...