CVE-2015-7879

Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page.
References
Link Resource
http://www.openwall.com/lists/oss-security/2015/10/21/2 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/77022 Third Party Advisory VDB Entry
https://www.drupal.org/node/2581519 Release Notes Vendor Advisory
https://www.drupal.org/node/2581997 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:stickynote_project:stickynote:7.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:stickynote_project:stickynote:7.x-1.1:*:*:*:*:drupal:*:*
cpe:2.3:a:stickynote_project:stickynote:7.x-1.2:*:*:*:*:drupal:*:*
cpe:2.3:a:stickynote_project:stickynote:7.x-1.x-dev:*:*:*:*:drupal:*:*

History

No history.

Information

Published : 2017-09-11 17:29

Updated : 2024-02-04 19:29


NVD link : CVE-2015-7879

Mitre link : CVE-2015-7879

CVE.ORG link : CVE-2015-7879


JSON object : View

Products Affected

stickynote_project

  • stickynote
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')