EUVD-2015-4409

Malware in sbrugna...

Drupal EntityBulkDelete Module Cross-Site Scripting Vulnerability

Drupal is a free, open source content management system developed in PHP.EntityBulkDelete is a module for bulk deletion of any type of entity. A cross-site scripting vulnerability exists in the Drupal EntityBulkDelete module, which allows remote attackers to exploit the vulnerability to inject...

CVE-2015-4386

Multiple cross-site scripting XSS vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML via unknown vectors involving creating or editing 1 comments, 2 taxonomy terms, or 3 nodes...

CVE-2015-4386

The CVE-2015-4386 entry refers to a Drupal EntityBulkDelete module vulnerability (7.x-1.0) involving multiple XSS flaws in unspecified administration pages. The root cause is insufficient sanitization of user-supplied text in admin interfaces, which could allow remote attackers to inject arbitrar...

CVE-2015-4386

Multiple cross-site scripting XSS vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML via unknown vectors involving creating or editing 1 comments, 2 taxonomy terms, or 3 nodes...

EntityBulkDelete - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-089

EntityBulkDelete module allows you to delete entities in bulk using the Batch API. The module doesn't sufficiently sanitize user supplied text in some administration pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must be...