4 matches found
CVE-2026-34587
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... ...
CVE-2015-3390
Cross-site scripting XSS vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-3390
CVE-2015-3390 corresponds to an XSS vulnerability in the Drupal module Facebook Album Fetcher . The issue arises from printing fields without proper sanitization, allowing remote authenticated users with the "access administration pages" permission to inject arbitrary script/HTML via unspecified ...
CVE-2012-1658
Cross-site scripting XSS vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors...