1 results (0.004 seconds)

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer contexts" permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la UI de configuración en el módulo Context Form Alteration 7.x-1.x anterior a 7.x-1.2 para Drupal permite a usuarios remotos autenticados con el permiso 'administrar contextos' inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/58307 http://www.securityfocus.com/bid/67173 https://www.drupal.org/node/2253103 https://www.drupal.org/node/2254853 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •