8 matches found
CVE-2017-15202
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user...
CVE-2017-15204
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user...
CVE-2017-15208
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user...
CVE-2014-7869
Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer contexts" permission to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer contexts" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-7869
The vulnerability CVE-2014-7869 affects the Drupal contributed module Context Form Alteration (7.x-1.x) prior to 7.x-1.2. The root cause is insufficient input sanitization in the module’s Configuration UI, allowing remote authenticated users with the administer contexts permission to inject arbit...
CVE-2014-7869
Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer contexts" permission to inject arbitrary web script or HTML via unspecified vectors...
SA-CONTRIB-2014-046 - Context Form Alteration - Cross Site Scripting (XSS)
The Context Form Alteration module enables admins to alter forms via Context reactions. The module doesn't sufficiently sanitize user input entered within the Context configuration UI. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...