2 matches found
Stickynote - Cross Site Scripting (XSS) - Moderately Critical - SA-CONTRIB-2015-154
This module enables you to create notes on a page inside a block. The module doesn't sufficiently sanitize the note text on the admin listing page. This vulnerability is mitigated by the fact that an attacker must have a role with a permission to create or edit a stickynote. CVE identifiers issue...
SA-CONTRIB-2012-010 - stickynote - Multiple vulnerabilities
CVE: CVE-2012-1636 This module enables you to add textual notes in a block to perform quality assurance of your site. Previously it did not sufficiently protect against Cross Site Scripting XSS or Cross Site Request Forgery CSRF. This vulnerability is mitigated by the fact that an attacker must...