3 matches found
CVE-2015-3390
CVE-2015-3390 corresponds to an XSS vulnerability in the Drupal module Facebook Album Fetcher . The issue arises from printing fields without proper sanitization, allowing remote authenticated users with the "access administration pages" permission to inject arbitrary script/HTML via unspecified ...
CVE-2015-3390
Cross-site scripting XSS vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors...
SA-CONTRIB-2015-038 - Facebook Album Fetcher - Cross Site Scripting (XSS) - Unsupported
Facebook Album Fetcher module allows you to fetch Facebook albums from a Facebook account. The module incorrectly prints fields without proper sanitization thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...