2 matches found
CVE-2015-7307
Cross-site scripting XSS vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration page...
CMS Updater - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2015-150
CMS Updater allows to update Drupal core automatically with a subscription service. Access bypass The module does not sufficiently protect the settings page allowing any user with the permission "access administration pages" to change settings. This vulnerability is mitigated by the fact that an...