3 matches found
CVE-2015-7879
Cross-site scripting XSS vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page...
CVE-2015-7879
The CVE-2015-7879 issue affects the Drupal Stickynote module for 7.x, before 7.x-1.3. Root cause: insufficient sanitization of note text on the admin listing page, allowing remote authenticated users with create/edit permission to inject arbitrary script or HTML (XSS). Affected versions: Stickyno...
Stickynote - Cross Site Scripting (XSS) - Moderately Critical - SA-CONTRIB-2015-154
This module enables you to create notes on a page inside a block. The module doesn't sufficiently sanitize the note text on the admin listing page. This vulnerability is mitigated by the fact that an attacker must have a role with a permission to create or edit a stickynote. CVE identifiers issue...