Lucene search
K

4 matches found

NVD
NVD
added 2015/06/15 2:59 p.m.16 views

CVE-2015-4370

Cross-site scripting XSS vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms...

3.5CVSS5.3AI score0.00965EPSS
Exploits0References4
Cvelist
Cvelist
added 2015/06/15 2:0 p.m.20 views

CVE-2015-4370

Cross-site scripting XSS vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms...

5.3AI score0.00965EPSS
Exploits0References4
CVE
CVE
added 2015/06/15 2:0 p.m.34 views

CVE-2015-4370

CVE-2015-4370 is a XSS in the Drupal Site Documentation module (6.x-1.x) prior to 6.x-1.5. Root cause: insufficient sanitization of user-supplied text on certain pages, exploitable by remote authenticated users with permission to create/edit taxonomy terms. Impact: arbitrary script/HTML injection...

3.5CVSS5.4AI score0.00965EPSS
Exploits0References4Affected Software1
Drupal
Drupal
added 2015/03/11 12:0 a.m.24 views

SA-CONTRIB-2015-074 - Site Documentation - Cross Site Scripting (XSS)

Site Documentation module enables you to display detailed configuration information. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a user with...

3.5CVSS6AI score0.00965EPSS
Exploits0References10
Rows per page
Query Builder