3 matches found
CVE-2015-3372
The Drupal Node Invite module (6.x) is vulnerable prior to 6.x-2.5: an XSS flaw allows remote authenticated users to inject script/HTML via a node title. Additional issues include CSRF exposure and an open redirect vulnerability. Affected versions: Node Invite 6.x-2.x before 6.x-2.5; Drupal core ...
CVE-2015-3372
Cross-site scripting XSS vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
SA-CONTRIB-2015-032 - Node Invite - Multiple vulnerabilities
Node Invite module enables you to invite people to RSVP on node types that have been configured to represent events. The module doesn't sufficiently sanitize the titles of nodes in some listings, allowing a malicious user to inject code, thereby leading to a Cross Site Scripting XSS vulnerability...