4 matches found
CVE-2015-4369
Cross-site scripting XSS vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Trick Question" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-4369
The CVE-2015-4369 entry relates to a Cross‑Site Scripting (XSS) vulnerability in the Drupal Trick Question module. Affected software: Trick Question module for Drupal 6.x (versions prior to 6.x-1.5) and Drupal 7.x (prior to 7.x-1.5). Root cause: the module does not sufficiently sanitize user‑subm...
CVE-2015-4369
Cross-site scripting XSS vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Trick Question" permission to inject arbitrary web script or HTML via unspecified vectors...
SA-CONTRIB-2015-073 - Trick Question - Cross Site Scripting (XSS)
The Trick Question is a CAPTCHA-type spam prevention module; a lightweight, compact and simple alternative to larger and more complex modules. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. The vulnerability is...