1 results (0.030 seconds)

CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0

Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field. Una vulnerabilidad de ejecución de secuencias de comandos en el formateador de separación de título y URL del módulo de Drupal "Link" v5.x antes de v5.x-2.6 y v6.x antes de v6.x-2.7, permite a atacantes remotos inyectar HTML o scripts web a través del campo de título del enlace. • http://drupal.org/node/620662 http://drupal.org/node/620668 http://drupal.org/node/623562 http://osvdb.org/59672 http://secunia.com/advisories/37289 http://www.securityfocus.com/bid/36928 https://exchange.xforce.ibmcloud.com/vulnerabilities/54142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •