Lucene search
K

4 matches found

NVD
NVD
added 2015/04/21 4:59 p.m.21 views

CVE-2015-3362

Cross-site scripting XSS vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title...

3.5CVSS5.3AI score0.00965EPSS
Exploits0References4
Cvelist
Cvelist
added 2015/04/21 4:0 p.m.21 views

CVE-2015-3362

Cross-site scripting XSS vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title...

5.3AI score0.00965EPSS
Exploits0References4
CVE
CVE
added 2015/04/21 4:0 p.m.131 views

CVE-2015-3362

CVE-2015-3362 affects Drupal’s Video module (7.x-2.x) prior to 7.x-2.11. The vulnerability arises from insufficient sanitization of node titles when using the video WYSIWYG plugin, enabling XSS by remote authenticated users. Affected versions are Video 7.x-2.x from 7.x-2.2-beta1 through 7.x-2.10....

3.5CVSS5.4AI score0.00965EPSS
Exploits0References4Affected Software1
Drupal
Drupal
added 2015/01/14 12:0 a.m.21 views

SA-CONTRIB-2015-018 - Video - Cross Site Scripting (XSS)

This module enables you to upload, convert and playback videos. The module doesn't sufficiently sanitize node titles when using the video WYSIWYG plugin, thereby opening a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with th...

3.5CVSS5.7AI score0.00965EPSS
Exploits0References9
Rows per page
Query Builder