3 matches found
CVE-2014-8747
CVE-2014-8747 is a cross-site scripting (XSS) vulnerability in Drupal Commons 7.x-3.x (prior to 7.x-3.9) for Drupal. The issue affects messages in the activity stream related to content creation, where unsanitized content could allow injection of arbitrary scripts/HTML. Root cause: inadequate san...
CVE-2014-8747
Cross-site scripting XSS vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages...
SA-CONTRIB-2014-020 - Drupal Commons - Cross Site Scripting (XSS)
Drupal Commons is a ready-to-use solution for building either internal or external communities. It provides a complete social business software solution for organizations. Drupal Commons displays an "activity stream" containing messages about actions users take on the site. In some cases, message...