4 matches found
CVE-2015-3365
Cross-site scripting XSS vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block...
CVE-2015-3365
CVE-2015-3365 is a Drupal XSS vulnerability in the nodeauthor module. The issue arises from insufficient sanitization of Profile2 fields inside a provided block, allowing remote authenticated users to inject arbitrary web script or HTML. Affected products include the nodeauthor module (all versio...
Multiple cross-site scripting vulnerabilities in Drupal nodeauthor module
Drupal is a free and open source content management system developed in PHP. Multiple cross-site scripting vulnerabilities exist in the Drupal nodeauthor module because it fails to properly filter user-supplied input. An attacker could use these vulnerabilities to execute arbitrary script code in...
SA-CONTRIB-2015-022 - nodeauthor - Cross Site Scripting (XSS) - Unsupported
This module displays node author information in a jQuery slider. The module doesn't sufficiently sanitize Profile2 fields in a provided block. This vulnerability is mitigated by the fact that an attacker must have a user account allowed to edit profile fields. CVE identifiers issued CVE-2015-3365...