Cross site scripting

Cross-site scripting XSS vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element...

CVE-2009-3917

Cross-site scripting XSS vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element...

CVE-2009-3917

Cross-site scripting XSS vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element...

CVE-2009-3917

The CVE-2009-3917 entry concerns the Drupal S5 Presentation Player module (6.x-1.x) prior to 6.x-1.1. The issue is a cross-site scripting (XSS) vulnerability where an unspecified field copied into the HTML HEAD element can be abused to inject arbitrary scripts or HTML. The description notes the a...

SA-CONTRIB-2009-092 - S5 Presentation Player Cross Site Scripting

The S5 Presentation Player module enables the creation of an S5 slideshow using content from the site. The module does not properly sanitize user supplied text it includes in the HTML HEAD section, leading to a cross-site scripting XSS vulnerability. Such an attack may lead to a malicious user...