EUVD-2014-9318

Malware in sbrugna...

CVE-2014-9501

Cross-site scripting XSS vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node title...

Cross site scripting

Cross-site scripting XSS vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node title...

CVE-2014-9501

The CVE concerns the Drupal Poll Chart Block module (Drupal 7.x, versions prior to 7.x-1.2). The issue is an XSS vulnerability caused by insufficient sanitization of poll node titles displayed in the poll chart block, allowing remote authenticated users to inject arbitrary script/HTML. Affected p...

CVE-2014-9501

Cross-site scripting XSS vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node title...

SA-CONTRIB-2014-124 - Poll Chart - Cross Site Scripting (XSS)

This module enables users to have a block displaying the result of the last poll as a chart. The module doesn't sufficiently sanitize poll node titles when displaying the block. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create polls and t...