3 matches found
CVE-2013-5315
CVE-2013-5315 is an XSS flaw in Drupal’s Scald module (MEE submodule). Affected: Scald 6.x-1.x before 6.x-1.0-beta3 and Scald 7.x-1.x before 7.x-1.1. Vulnerability: unsanitized atom title in Resource Manager (mee.module) allows remote injection of script/HTML. Impact is low to partial in integrit...
CVE-2013-4174
The CVE-2013-4174 entry affects Drupal Scald module 7.x-1.x prior to 7.x-1.1, with multiple XSS vulnerabilities in the Scald Flash and Scald Image prerender paths. Specifically, user-supplied values in flash_uri, flash_width, and flash_height (scald_flash_scald_prerender) and caption (scald_image...
CVE-2015-7305
The vulnerability CVE-2015-7305 affects the Drupal Scald module (Scald 7.x-1.x) prior to 7.x-1.5, where a misconfiguration allows remote attackers to obtain sensitive atom property information via a debug context, bypassing field restrictions. Affected software is the Scald: Media Management made...