3 matches found
CVE-2015-3392
Cross-site scripting XSS vulnerability in the Ajax Timeline module before 7.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3392
CVE-2015-3392 (Drupal) affects the Ajax Timeline module for Drupal 7.x. The root cause is insufficient escaping of node titles when rendering the timeline, enabling a Cross-site Scripting (XSS) vulnerability. It allows remote authenticated users to inject arbitrary web script or HTML via a node t...
SA-CONTRIB-2015-035 - Ajax Timeline - Cross Site Scripting (XSS)
Ajax Timeline module enables you to display a vertical timeline of nodes based off a date field or created date of the configured nodes. The module doesn't sufficiently escape node titles when displaying the timeline, allowing a malicious user to inject code. This vulnerability is mitigated by th...