4 matches found
CVE-2015-4387
Cross-site scripting XSS vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a...
CVE-2015-4387
The CVE-2015-4387 vulnerability affects the Drupal Password Policy module (6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11). The root cause is inadequate sanitization in certain administration pages when a policy uses the username constraint, allowing a crafted username imported from an exter...
CVE-2015-4387
Cross-site scripting XSS vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a...
Password Policy - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-090
The Password Policy module allows enforcing restrictions on user passwords by defining password policies. The module doesn't sufficiently sanitize usernames in some administration pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that only...