2 matches found
SA-CONTRIB-2010-044: Bibliography - Cross Site Scripting
The Bibliography module enables users to manage and display lists of scholarly publications. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability. This is mitigated by the fact that only users with the 'administer...
SA-CONTRIB-2010-006 - Bibliography Module - Cross Site Scripting
The Bibliography module enables users to manage and display lists of scholarly publications. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability. Only users with the 'administer biblio' permission are able to exploi...