3 matches found
CVE-2015-3360
Cross-site scripting XSS vulnerability in the Term Merge module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-3360
CVE-2015-3360 describes a Cross-Site Scripting (XSS) vulnerability in the Drupal contributed Term Merge module for 7.x-1.x prior to 7.x-1.2. The issue arises because user input is not sufficiently filtered under certain conditions, allowing remote authenticated users to inject arbitrary web scrip...
SA-CONTRIB-2015-015 - Term Merge - Cross Site Scripting (XSS)
This module enables you to merge synonymous taxonomy terms among themselves. The module doesn't sufficiently filter user input under certain conditions, thereby opening a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must be able to create...