EUVD-2012-5450

Malware in sbrugna...

Cross site scripting

Cross-site scripting XSS vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML via a smiley acronym...

CVE-2012-5558

CVE-2012-5558 affects Drupal contributed modules Smiley (6.x-1.x before 6.x-1.1) and Smileys (6.x-1.x before 6.x-1.1). Root cause: these modules do not sufficiently sanitize user-defined smiley acronyms, enabling XSS when an attacker with the administer smiley permission injects arbitrary script/...

CVE-2012-5558

Cross-site scripting XSS vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML via a smiley acronym...

SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site Scripting (XSS)

These modules enable you to substitutes text emoticons, like :-, with images. These modules don't sufficiently sanitize user defined smiley acronyms before displaying smiley images. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...