2 matches found
CVE-2015-3369
The CVE-2015-3369 vulnerability affects the Drupal Taxonews module (versions < 6.x-1.2 and
SA-CONTRIB-2015-026 - Taxonews - Cross Site Scripting (XSS)
This module enables you to create blocks of nodes carrying a given taxonomy term. The module doesn't sufficiently escape term names in the blocks it builds leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...