3 matches found
CVE-2015-4372
Cross-site scripting XSS vulnerability in the Image Title module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-4372
The Drupal Image Title module (7.x-1.x, prior to 7.x-1.1) contains a cross-site scripting (XSS) vulnerability that allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. The underlying issue is insufficient sanitization of user-s...
SA-CONTRIB-2015-076 - Image Title - Cross Site Scripting (XSS)
Image Title module allows you to upload an image and use it as a node title. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must allowed to create/edit...