3 matches found
CVE-2015-3389
Cross-site scripting XSS vulnerability in the Download counts report page in the Public Download Count module pubdlcnt 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-3389
Summary: CVE-2015-3389 affects the Drupal Public Download Count module (pubdlcnt). The vulnerability is an XSS in the Download counts report page in 7.x-1.x-dev and earlier due to insufficient sanitization, allowing remote authenticated users to inject arbitrary web script or HTML via unspecified...
SA-CONTRIB-2015-036 - Public Download Count - Cross Site Scripting (XSS) - Unsupported
Public Download Count module keeps track of file download counts. The module doesn't sufficiently sanitize user supplied text in the Download counts report page thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role wit...