CVE-2013-4140

The CVE-2013-4140 entry concerns the TinyBox (Simple Splash) Drupal module. Affected: TinyBox 7.x-2.x versions prior to 7.x-2.1. Root cause: the module does not filter user-supplied text before display, enabling a cross-site scripting (XSS) risk when a remote authenticated user with the https://d...