3 matches found
CVE-2014-9739
CVE-2014-9739 affects the Drupal Node Field module (7.x-2.x) prior to 7.x-2.45. The vulnerability is a cross-site scripting (XSS) flaw that allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields. Root cau...
CVE-2014-9739
Cross-site scripting XSS vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields...
SA-CONTRIB-2014-112 - Node Field - Cross Site Scripting (XSS)
Node Field module allows you to add custom extra fields to single Drupal nodes. The module doesn't sufficiently sanitize user input for some of the module's internal fields. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create nodes. CVE...