7 matches found
EUVD-2013-0337
Malware in sbrugna...
CVE-2013-0319
Cross-site scripting XSS vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data...
CVE-2013-0319
Cross-site scripting XSS vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data...
Cross site scripting
Cross-site scripting XSS vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data...
CVE-2013-0319
Cross-site scripting XSS vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data...
CVE-2013-0319
The CVE concerns the Drupal Yandex.Metrics module. Affected: Yandex.Metrics 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5. Root cause: the module does not sufficiently escape Yandex.Metrica service data when displayed, enabling XSS via that data. Impact: remote attackers could inject arbitrar...
SA-CONTRIB-2013-017 - Yandex.Metrics - Cross site scripting (XSS)
The Yandex.Metrics module enables you to install Yandex.Metrica tracking code and watch reports by key indicators of user activity. The module doesn't sufficiently escape Yandex.Metrica service data when being displayed. This vulnerability is mitigated by the fact that it only impacts sites with...