2 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings...
CVE-2015-4392
CVE-2015-4392 describes an XSS vulnerability in the Drupal Display Suite module for version 7.x-2.7. The issue allows remote authenticated users to inject arbitrary script/HTML via field display settings. The root cause is improper sanitization in Display Suite 7.x-2.7. Mitigation: upgrade to Dis...