2 matches found
CVE-2015-3348
CVE-2015-3348 concerns the Cloudwords for Multilingual Drupal module (Drupal 7.x) prior to 7.x-2.3. The vulnerability is an XSS flaw where remote authenticated users can inject arbitrary script/HTML via a node title due to insufficient sanitization. Affected software: Cloudwords for Multilingual ...
CVE-2015-3347
The CVE-2015-3347 entry concerns the Cloudwords for Multilingual Drupal module for Drupal 7.x before 7.x-2.3, where a Cross-Site Request Forgery (CSRF) vulnerability could allow remote attackers to hijack a victim’s authenticated session via an unspecified menu callback. Public references confirm...