18 matches found
DRUPAL-CONTRIB-2025-116
This module provides the ability to convert any entity form into a simple multi-step form. The module doesn’t sufficiently filter certain user-provided text leading to a cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...
EUVD-2015-5462
Malware in sbrugna...
EUVD-2024-51518
Malicious code in bioql PyPI...
The vulnerability of the Entity Form Steps module in the Drupal CMS system, related to the lack of protective measures for website structures, allows attackers to perform cross-site scripting attacks.
The vulnerability of the Entity Form Steps module in the Drupal CMS system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2024-13305
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting XSS.This issue affects Entity Form Steps: from 0.0.0 before 1.1.4...
CVE-2024-13305
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting XSS.This issue affects Entity Form Steps: from 0.0.0 before 1.1.4...
CVE-2024-13305 Entity Form Steps - Moderately critical - Cross site scripting - SA-CONTRIB-2024-071
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting XSS.This issue affects Entity Form Steps: from 0.0.0 before 1.1.4...
CVE-2024-13305
The CVE-2024-13305 entry concerns the Drupal Entity Form Steps module, with the affected range: 0.0.0 through 1.1.3. The root cause is improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS). The vulnerability is tied to the Entity Form Steps functionality...
CVE-2024-13305 Entity Form Steps - Moderately critical - Cross site scripting - SA-CONTRIB-2024-071
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting XSS.This issue affects Entity Form Steps: from 0.0.0 before 1.1.4...
Drupal 安全漏洞
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Entity Form Steps prior to version 1.1.4, which stems from improper input neutralization during page generation, resulting in a cross-site scripting...
PT-2024-10087 · Drupal · Drupal Entity Form Steps
Name of the Vulnerable Software and Affected Versions: Drupal Entity Form Steps versions 0.0.0 through 1.1.3 Description: The issue is related to improper neutralization of input during web page generation, allowing for Cross-Site Scripting XSS attacks. This can enable a remote attacker to conduc...
Drupal Entity Form Steps module < 1.1.4 - Authenticated Cross Site Scripting (XSS) vulnerability
Authenticated Cross Site Scripting XSS vulnerability discovered by Ide Braakman in WordPress Module Entity Form Steps versions 1.1.4...
Service Update 0.20 for Microsoft Dynamics 365 9.0
None None...
CVE-2015-5507
Cross-site scripting XSS vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-5507
The issue is a Cross-Site Scripting (XSS) vulnerability in the Drupal contributed module Inline Entity Form (7.x-1.x) prior to 7.x-1.6. The module does not sufficiently sanitize user-supplied text, allowing remote authenticated users with permission to create or edit fields to inject arbitrary sc...
CVE-2015-5507
Cross-site scripting XSS vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors...
Drupal Inline Entity Form Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP. A cross-site scripting vulnerability exists in the Drupal Inline Entity Form module, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensiti...
Inline Entity Form - Less critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-120
The Inline Entity Form module provides a field widget for inline management creation, modification, removal of referenced entities. The module doesn't sufficiently sanitize user supplied text, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that ...