6 matches found
EUVD-2013-4067
Malware in sbrugna...
CVE-2013-4140
Cross-site scripting XSS vulnerability in the TinyBox Simple Splash module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the TinyBox Simple Splash module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-4140
Cross-site scripting XSS vulnerability in the TinyBox Simple Splash module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-4140
The CVE-2013-4140 entry concerns the TinyBox (Simple Splash) Drupal module. Affected: TinyBox 7.x-2.x versions prior to 7.x-2.1. Root cause: the module does not filter user-supplied text before display, enabling a cross-site scripting (XSS) risk when a remote authenticated user with the https://d...
SA-CONTRIB-2013-057 - TinyBox - Cross Site Scripting (XSS)
TinyBox module uses TinyBox, a lightweight and standalone modal window script. The main purpose of this module is to provide Splash Screen/Window as simple as possible. The module doesn't filter user-supplied text prior to display. The vulnerability is mitigated by the fact that an attacker must...