5 matches found
CVE-2015-6808
Cross-site scripting XSS vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title...
CVE-2015-6808
Cross-site scripting XSS vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title...
CVE-2015-6808
The CVE-2015-6808 issue affects the Drupal Spotlight module for 7.x-1.x, specifically versions prior to 7.x-1.5. It is a Cross-site Scripting (XSS) vulnerability that allows remote authenticated users with certain permissions to inject arbitrary script or HTML via a node title. The root cause rel...
CVE-2015-6808
Cross-site scripting XSS vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title...
Spotlight - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2015-142
The Spotlight module provides a tool that mimics Mac OS X Spotlight functionality. It provides faster access to content, paths and uploaded files. The module doesn't sufficiently sanitize node titles when displayed in results. This vulnerability is mitigated by the fact that an attacker must have...