Lucene search
K

4 matches found

NVD
NVD
added 2015/06/15 2:59 p.m.17 views

CVE-2015-4387

Cross-site scripting XSS vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a...

2.6CVSS5.6AI score0.01178EPSS
Exploits0References5
CVE
CVE
added 2015/06/15 2:0 p.m.41 views

CVE-2015-4387

The CVE-2015-4387 vulnerability affects the Drupal Password Policy module (6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11). The root cause is inadequate sanitization in certain administration pages when a policy uses the username constraint, allowing a crafted username imported from an exter...

2.6CVSS5.8AI score0.01178EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2015/06/15 2:0 p.m.20 views

CVE-2015-4387

Cross-site scripting XSS vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a...

5.6AI score0.01178EPSS
Exploits0References5
Drupal
Drupal
added 2015/04/01 12:0 a.m.17 views

Password Policy - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-090

The Password Policy module allows enforcing restrictions on user passwords by defining password policies. The module doesn't sufficiently sanitize usernames in some administration pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that only...

2.6CVSS6.2AI score0.01178EPSS
Exploits0References10
Rows per page
Query Builder