7 matches found
EUVD-2015-3414
Malware in sbrugna...
Drupal Taxonews Module Cross-Site Scripting Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Taxonews is one of the modules that generates blocks containing titles for nodes in the taxonomy vocabulary by matching conditions. A cross-site scripting vulnerability exists in the...
CVE-2015-3369
Cross-site scripting XSS vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a term name in a block...
Cross site scripting
Cross-site scripting XSS vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a term name in a block...
CVE-2015-3369
Cross-site scripting XSS vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a term name in a block...
CVE-2015-3369
The CVE-2015-3369 vulnerability affects the Drupal Taxonews module (versions < 6.x-1.2 and
SA-CONTRIB-2015-026 - Taxonews - Cross Site Scripting (XSS)
This module enables you to create blocks of nodes carrying a given taxonomy term. The module doesn't sufficiently escape term names in the blocks it builds leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...