Cross-site scripting (XSS) vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 02:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/102126 - | |
References | () http://packetstormsecurity.com/files/124803/Drupal-Anonymous-Posting-7.x-Cross-Site-Scripting.html - | |
References | () http://seclists.org/fulldisclosure/2014/Jan/77 - | |
References | () http://secunia.com/advisories/56476 - Vendor Advisory | |
References | () https://drupal.org/node/2173321 - Patch, Vendor Advisory | |
References | () https://drupal.org/node/2173437 - Patch | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/90526 - |
Information
Published : 2014-01-30 18:55
Updated : 2024-11-21 02:04
NVD link : CVE-2014-1611
Mitre link : CVE-2014-1611
CVE.ORG link : CVE-2014-1611
JSON object : View
Products Affected
anonymous_posting_project
- anonymous_posting
drupal
- drupal
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')