4 matches found
CVE-2015-4370
Cross-site scripting XSS vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms...
CVE-2015-4370
Cross-site scripting XSS vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms...
CVE-2015-4370
CVE-2015-4370 is a XSS in the Drupal Site Documentation module (6.x-1.x) prior to 6.x-1.5. Root cause: insufficient sanitization of user-supplied text on certain pages, exploitable by remote authenticated users with permission to create/edit taxonomy terms. Impact: arbitrary script/HTML injection...
SA-CONTRIB-2015-074 - Site Documentation - Cross Site Scripting (XSS)
Site Documentation module enables you to display detailed configuration information. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a user with...