EUVD-2015-3432

Malware in sbrugna...

CVE-2015-3387

Multiple cross-site scripting XSS vulnerabilities in the Taxonomy Tools module before 7.x-1.4 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a 1 node or 2 taxonomy term title...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Taxonomy Tools module before 7.x-1.4 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a 1 node or 2 taxonomy term title...

CVE-2015-3387

The CVE-2015-3387 entry applies to Drupal’s contributed Taxonomy Tools module prior to 7.x-1.4. The vulnerability is an XSS flaw allowing remote authenticated users to inject arbitrary script or HTML via (1) node titles or (2) taxonomy term titles. Affected versions are Taxonomy Tools 7.x-1.x bef...

SA-CONTRIB-2015-046 - Taxonomy Tools - Cross Site Scripting (XSS)

Taxonomy Tools module provides alternative ways of managing taxonomy terms. The module doesn't sufficiently escape node and taxonomy term titles when displaying them, allowing a malicious user to inject code. This vulnerability is mitigated by the fact that an attacker must have a role with...