2 matches found
CVE-2012-2298
The CVE-2012-2298 issue concerns vulnerabilities in the Drupal RealName module (6.x-1.x) prior to 6.x-1.5. The root cause is inadequate escaping of user-provided data, enabling remote attackers to inject arbitrary script/HTML via two vectors: (1) user names in page titles and (2) autocomplete cal...
CVE-2009-4524
CVE-2009-4524 affects the Drupal RealName module (6.x-1.x) prior to 6.x-1.3. It is a Cross-site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the realname element. The entry lists a MEDIUM impact with a base score of 4.3 (NVD), but exploitat...