CVE-2015-3372
The Drupal Node Invite module (6.x) is vulnerable prior to 6.x-2.5: an XSS flaw allows remote authenticated users to inject script/HTML via a node title. Additional issues include CSRF exposure and an open redirect vulnerability. Affected versions: Node Invite 6.x-2.x before 6.x-2.5; Drupal core ...