CVE-2015-3365

CVE-2015-3365 is a Drupal XSS vulnerability in the nodeauthor module. The issue arises from insufficient sanitization of Profile2 fields inside a provided block, allowing remote authenticated users to inject arbitrary web script or HTML. Affected products include the nodeauthor module (all versio...