CVE-2015-3353
CVE-2015-3353: XSS in Drupal Field Display Label module (7.x) prior to 7.x-1.3. Root cause: inadequate sanitization of the alternate field label in content types settings, allowing remote authenticated users to inject arbitrary script/HTML. Affected: Drupal 7.x-1.x before 7.x-1.3 (Field Display L...