Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
Flag Module ProjectFlag

2 matches found

CVE
CVEadded 2014/05/17 7:0 p.m.50 views

CVE-2014-3453

CVE-2014-3453 affects the Drupal Flag module (flag import) where the eval injection occurs in flag_import_form_validate inside includes/flag.export.inc for Drupal 7.x-3.0, 7.x-3.5 and earlier. This enables remote code execution via the Flag import code text area (admin/structure/flags/import) for...

6.5CVSS7.5AI score0.02119EPSS
Web
CVE
CVEadded 2026/01/14 6:38 p.m.12 views

CVE-2025-14556

CVE-2025-14556 is an XSS in the Drupal Flag module. Affected: Drupal Flag versions 7.X-3.0 through 7.X-3.9 . Root cause: improper neutralization of input during web page generation . Impact: Cross-Site Scripting (XSS) vulnerability; attacker could inject scripts when users view pages. Exploitatio...

5.4CVSS5.5AI score0.00175EPSS