52 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Quizzler module before 7-x.1.16 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3344
The CVE-2015-3344 issue affects the Drupal Course module (versions 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.4). The underlying problem is insufficient filtering of node title displays, enabling remote authenticated users to inject arbitrary script/HTML via a node title (XSS). Affected ...
CVE-2015-3362
CVE-2015-3362 affects Drupal’s Video module (7.x-2.x) prior to 7.x-2.11. The vulnerability arises from insufficient sanitization of node titles when using the video WYSIWYG plugin, enabling XSS by remote authenticated users. Affected versions are Video 7.x-2.x from 7.x-2.2-beta1 through 7.x-2.10....
CVE-2015-3361
The CVE-2015-3361 issue affects the Drupal Linkit module for Drupal 7.x (versions before 7.x-2.7 and 7.x-3.x before 7.x-3.3) when the node search plugin is enabled. It arises from insufficient sanitization of node titles in the search results list, allowing remote authenticated users to inject ar...
CVE-2015-3376
Cross-site scripting (XSS) vulnerability in the Quizzler module before 7-x.1.16 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3348
Cross-site scripting (XSS) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3359
Multiple cross-site scripting (XSS) vulnerabilities in the Room Reservations module before 7.x-1.1 for Drupal allow remote authenticated users with the "Administer the room reservations system" permission to inject arbitrary web script or HTML via the (1) node title of a "Room Reservations Category" ...
CVE-2015-3372
Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3362
Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2014-9498
Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the "Webform: Create new content", "Webform: Edit own content", or "Webform: Edit any content" permission to inject arbitrary web...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the "Webform: Create new content", "Webform: Edit own content", or "Webform: Edit any content" permission to inject arbitrary web...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title...
SA-CONTRIB-2014-121 - Godwin's Law - Cross Site Scripting (XSS)
This module enables you to execute arbitrary JavaScript by adding the script to the title of a node. The module doesn't sufficiently sanitize Watchdog messages when viewing the detail view of a specific Watchdog notification. It improperly translated the message rather than using proper Watchdog...
SA-CONTRIB-2014-114 - Tournament - Cross Site Scripting
This project allows you to create various types of tournaments as nodes and associated teams, tournaments, and matches. There are several cases in the project where an account username, node title, and team entity title are not correctly filtered before being displayed to a user. It is possible t...
CVE-2014-8075
Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title...
SA-CONTRIB-2012-170 - MultiLink - Access Bypass
MultiLink allows you to generate in-content links to a suitable node or node translation based on the visitor's language preferences. It allows the Node Title of the target node to be shown as the visible text and title attribute for the generated link. Prior to versions 6.x-2.7 and 7.x-2.7 the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title...
CVE-2010-2010
Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title...