Lucene search
K

4 matches found

OSV
OSV
added 2025/11/05 6:9 p.m.4 views

DRUPAL-CONTRIB-2025-116

This module provides the ability to convert any entity form into a simple multi-step form. The module doesn’t sufficiently filter certain user-provided text leading to a cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...

3.5CVSS5.9AI score0.00148EPSS
Exploits0References1
Drupal
Drupal
added 2025/11/05 12:0 a.m.13 views

Simple multi step form - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-116

This module provides the ability to convert any entity form into a simple multi-step form. The module doesn’t sufficiently filter certain user-provided text leading to a cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...

3.5CVSS5.3AI score0.00148EPSS
Exploits0References2
OSV
OSV
added 2024/12/04 4:20 p.m.6 views

DRUPAL-CONTRIB-2024-071

This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...

4.8CVSS6.6AI score0.00228EPSS
Exploits0References1
OSV
OSV
added 2023/06/14 2:52 p.m.3 views

DRUPAL-CONTRIB-2023-020

This module enables you to define a 'weekly office hours' field type, and add a field to any Content type, in order to display the weekly opening hours for a location. The module doesn't sufficiently filter user-supplied text leading to a Cross Site Scripting XSS vulnerability. This vulnerability...

6AI score
Exploits0References1
Rows per page
Query Builder