2 matches found
CVE-2015-3361
The CVE-2015-3361 issue affects the Drupal Linkit module for Drupal 7.x (versions before 7.x-2.7 and 7.x-3.x before 7.x-3.3) when the node search plugin is enabled. It arises from insufficient sanitization of node titles in the search results list, allowing remote authenticated users to inject ar...
SA-CONTRIB-2015-009 - Linkit - Cross Site Scripting (XSS)
Linkit provides an easy interface for internal and external linking with wysiwyg editors and fields by using an autocomplete field. The module doesn't sufficiently sanitize node titles in the result list if the node search plugin is enabled. This vulnerability is mitigated by the fact that an...