5 matches found
CVE-2014-8765
Multiple cross-site scripting XSS vulnerabilities in the Project Issue File Review module PIFR module 6.x-2.x before 6.x-2.17 for Drupal allow 1 remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to th...
CVE-2014-8765
Multiple cross-site scripting XSS vulnerabilities in the Project Issue File Review module PIFR module 6.x-2.x before 6.x-2.17 for Drupal allow 1 remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to th...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Project Issue File Review module PIFR module 6.x-2.x before 6.x-2.17 for Drupal allow 1 remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to th...
CVE-2014-8765
Multiple cross-site scripting XSS vulnerabilities in the Project Issue File Review module PIFR module 6.x-2.x before 6.x-2.17 for Drupal allow 1 remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to th...
CVE-2014-8765
CVE-2014-8765 affects the Drupal Project Issue File Review (PIFR) module 6.x-2.x prior to 6.x-2.17. The vulnerability is Cross-Site Scripting (XSS) via a crafted patch that causes PIFR client test results to be sent to the PIFR_Server test results page, and an additional vector where remote authe...