2 matches found
Drupal Yandex.Metrics module cross-site scripting vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Yandex.Metrics module that stems from a failure to adequately validate user input. The vulnerability can be...
Yandex.Metrics - Moderately critical - Cross site scripting - SA-CONTRIB-2017-078
The Yandex.Metrics module allows you to look for key indicators of your site effectiveness. The module doesn't sufficiently let users know a setting page should not be given to untrusted users. This vulnerability is mitigated by the fact that an attacker must have a role with the permission...