2 matches found
CVE-2014-9501
The CVE concerns the Drupal Poll Chart Block module (Drupal 7.x, versions prior to 7.x-1.2). The issue is an XSS vulnerability caused by insufficient sanitization of poll node titles displayed in the poll chart block, allowing remote authenticated users to inject arbitrary script/HTML. Affected p...
SA-CONTRIB-2014-124 - Poll Chart - Cross Site Scripting (XSS)
This module enables users to have a block displaying the result of the last poll as a chart. The module doesn't sufficiently sanitize poll node titles when displaying the block. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create polls and t...