3 matches found
CVE-2015-3368
Cross-site scripting XSS vulnerability in the administration user interface in the Classified Ads module before 6.x-3.1 and 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a category name...
CVE-2015-3368
CVE-2015-3368 affects Drupal Classified Ads module (versions prior to 6.x-3.1 and 7.x-3.x prior to 7.x-3.1). The vulnerability is a cross-site scripting (XSS) in the administration UI where remote authenticated users with the administer taxonomy permission can inject arbitrary script/HTML via the...
SA-CONTRIB-2015-023 - Classified Ads - Cross Site Scripting (XSS)
Classified Ads module enables administrators to create classified ads in various categories. The module doesn't correctly escape the category names in its administration user interface. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...