CVE-2015-4366

Cross-site scripting XSS vulnerability in the Mover module 6.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-4366

Cross-site scripting XSS vulnerability in the Mover module 6.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-4366

CVE-2015-4366 affects Drupal’s contributed Mover module (6.x-1.0). The issue stems from insufficient sanitization of user-supplied text in certain pages, enabling Cross-Site Scripting (XSS) by remote authenticated users who have permissions to create/edit nodes. No exploit details provided beyond...

SA-CONTRIB-2015-070 - Mover - Cross Site Scripting (XSS) - Unsupported

The Mover modules provide the ability to move content between Drupal sites. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to...