1 results (0.006 seconds)

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el módulo jQuery Countdown 7.x-1.x anterior a 7.x-1.1 para Drupal permite a usuarios remotos no autenticados con el permiso "access administration pages" inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/62340 https://drupal.org/node/2087089 https://drupal.org/node/2087095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •