2 matches found
SA-CONTRIB-2013-074 - MediaFront - Cross Site Scripting (XSS)
The MediaFront module provides a front-end media presentation layer for Drupal The module doesn't sufficiently filter user input from MediaFront preset settings. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer mediafront" to exploit th...
SA-CONTRIB-2012-024 - MediaFront - Cross Site Scripting
CVE: CVE-2012-1647 Within the MediaFront module, there is a PHP library for handling the stand alone application of the Open Standard Media player. Within this library, both the $SESSION and $SERVER variables are handled without proper checks to make sure that no malicious code is injected within...