SA-CONTRIB-2015-022 - nodeauthor - Cross Site Scripting (XSS) - Unsupported
This module displays node author information in a jQuery slider. The module doesn't sufficiently sanitize Profile2 fields in a provided block. This vulnerability is mitigated by the fact that an attacker must have a user account allowed to edit profile fields. CVE identifiers issued CVE-2015-3365...