6 matches found
CVE-2014-8765
Multiple cross-site scripting XSS vulnerabilities in the Project Issue File Review module PIFR module 6.x-2.x before 6.x-2.17 for Drupal allow 1 remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to th...
CVE-2014-8765
Multiple cross-site scripting XSS vulnerabilities in the Project Issue File Review module PIFR module 6.x-2.x before 6.x-2.17 for Drupal allow 1 remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to th...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Project Issue File Review module PIFR module 6.x-2.x before 6.x-2.17 for Drupal allow 1 remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to th...
CVE-2014-8765
CVE-2014-8765 affects the Drupal Project Issue File Review (PIFR) module 6.x-2.x prior to 6.x-2.17. The vulnerability is Cross-Site Scripting (XSS) via a crafted patch that causes PIFR client test results to be sent to the PIFR_Server test results page, and an additional vector where remote authe...
CVE-2014-8765
Multiple cross-site scripting XSS vulnerabilities in the Project Issue File Review module PIFR module 6.x-2.x before 6.x-2.17 for Drupal allow 1 remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to th...
SA-CONTRIB-2014-023 - Project Issue File Review - XSS
The Project Issue File Review PIFR module provides an abstracted client-server model and plugin API for performing distributed operations such as code review and testing, with a focus on supporting Drupal development. Two scenarios were identified where the module does not sufficiently sanitize...