4 matches found
CVE-2015-2101
Cross-site scripting XSS vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-2101
Cross-site scripting XSS vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-2101
The CVE-2015-2101 entry concerns the Drupal Navigate module (6.x-1.x prior to 6.x-1.1; 7.x-1.x prior to 7.x-1.1). The underlying issue is insufficient sanitization of user input in the Navigate bar, leading to a Cross-Site Scripting (XSS) vulnerability that could allow remote attackers to inject ...
SA-CONTRIB-2015-049 - Navigate - Cross Site Scripting (XSS)
Navigate is a customizable navigation bar for Drupal. The module doesn't sufficiently sanitize user input when displaying the Navigate bar. Because the vulnerability is a Reflected Cross Site Scripting, the only mitigating factor is that the victim must be tricked into visiting a specially crafte...