3 matches found
CVE-2014-8748
Cross-site scripting XSS vulnerability in the Google Doubleclick for Publishers DFP module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name...
CVE-2014-8748
CVE-2014-8748 is a Drupal DFP (Doubleclick for Publishers) module XSS vulnerability in the 7.x-1.x line, where unsanitized slot names output to HTML allows remote authenticated users with the administer dfp permission to inject arbitrary script or HTML. The affected versions are DFP 7.x-1.x prior...
SA-CONTRIB-2014-003 - Doubleclick for Publishers DFP - Cross Site Scripting (XSS)
This module enables you to create blocks to place advertisements from the Google Double Click for Publishers API DFP. The module doesn't sufficiently sanitize the slot names prior to output into HTML. This vulnerability is mitigated by the fact that an attacker must have a role with the permissio...