1 results (0.070 seconds)

CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0

Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label. Vulnerabilidad Cross-site scripting (XSS) en el modulo Display Suite v7.x-1.x anterior a v7.x-1.7 y v7.x-2.x anterior a v7.x-2.3 para Drupal permite a usuarios remotos autenticados con cierta permisos para inyectar secuencias de comandos web o HTML a través de una etiqueta del paquete entidad. • http://osvdb.org/94234 http://seclists.org/fulldisclosure/2013/Jun/94 https://drupal.org/node/2017639 https://drupal.org/node/2017641 https://drupal.org/node/2017933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •