2 matches found
CVE-2014-9500
CVE-2014-9500 affects the Moip module for Drupal 7.x (versions prior to 7.x-1.4). The vulnerability is a cross-site scripting (XSS) flaw caused by insufficient filtering of data in automatic notifications, allowing remote attackers to inject arbitrary script or HTML via the notification page call...
SA-CONTRIB-2014-122 - MoIP - Cross Site Scripting (XSS)
This module enables you to use Moip a Brazilian payment method with Drupal Commerce. The module doesn't sufficiently filter the data passed by the automatic notifications, leaving the possibility for a malicious user to insert Cross Site Scripting xss attacks. This vulnerability is mitigated by t...