2 matches found
CVE-2013-7064
Cross-site scripting XSS vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the BrowserID Mozilla Persona module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site...