3 matches found
CVE-2015-3364
Cross-site scripting XSS vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message...
CVE-2015-3364
The CVE-2015-3364 entry concerns the Drupal Content Analysis module (6.x-1.x) prior to 6.x-1.7. An XSS vulnerability arises from insufficient sanitization of input in log messages, allowing remote attackers to inject arbitrary script/HTML. Public disclosures and advisories confirm affected versio...
SA-CONTRIB-2015-021 - Content Analysis - Cross Site Scripting (XSS)
The Content Analysis module is an API designed to help modules that need to analyze content. The module fails to sanitize user input in log messages, leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that only sites with dblog module enabled are...