2 matches found
CVE-2015-7304
CVE-2015-7304 affects the Drupal amoCRM module (7.x-1.x) prior to 7.x-1.2. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data due to improper input handling. Impact is limited to affected amoCRM...
amoCRM - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2015-149
This module enables you to integrate with amoCRM service using webhooks. The module does not sufficiently sanitize the logged data when malicious POST data is received. This vulnerability is mitigated by the fact that a module such "Database logging" dblog must be enabled which displays log...