4 matches found
CVE-2015-3362
Cross-site scripting XSS vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3362
Cross-site scripting XSS vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3362
CVE-2015-3362 affects Drupal’s Video module (7.x-2.x) prior to 7.x-2.11. The vulnerability arises from insufficient sanitization of node titles when using the video WYSIWYG plugin, enabling XSS by remote authenticated users. Affected versions are Video 7.x-2.x from 7.x-2.2-beta1 through 7.x-2.10....
SA-CONTRIB-2015-018 - Video - Cross Site Scripting (XSS)
This module enables you to upload, convert and playback videos. The module doesn't sufficiently sanitize node titles when using the video WYSIWYG plugin, thereby opening a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with th...