3 matches found
CVE-2012-1561
CVE-2012-1561 affects the Drupal Finder module (6.x-1.x before 6.x-1.26; 7.x-1.x; 7.x-2.x before 7.x-2.0-alpha8). The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the checkbox and radio b...
CVE-2012-1641
The CVE-2012-1641 issue affects the Drupal Finder module (versions 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8). The root cause is an unsanitized/import interface that enables remote authenticated users with the administer finder permission to execute arbitrary PHP code vi...
CVE-2012-6645
CVE-2012-6645 is an XSS vulnerability affecting Drupal Finder module autocomplete. The issue allows injection of arbitrary script/HTML via the node title in Finder 6.x-1.x (before 6.x-1.26), 7.x-1.x, and 7.x-2.x (before 7.x-2.0-alpha8). The underlying flaw is cross-site scripting in the autocompl...