2 matches found
CVE-2014-8744
Affected software: Drupal Nivo Slider module, version 7.x-2.x prior to 7.x-1.11. Vulnerable component: the image title handling in the Nivo Slider module allows cross-site scripting. Root cause: insufficient sanitization of image titles permits injection of arbitrary script/HTML by remote authent...
SA-CONTRIB-2014-033 - Nivo Slider - Cross Site Scripting
Nivo Slider provides a way to showcase featured content. Nivo Slider gives administrators a simple method of adding slides to the slideshow, an administration interface to configure slideshow settings, and simple slider positioning using the Drupal block system. The module doesn't sufficiently...