RSS   Vulnerabilities for 'Cms updater'   RSS

2015-09-21
 
CVE-2015-7307

 

 
Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration page.

 
 
CVE-2015-7306

 

 
The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration pages" permission.

 


Copyright 2024, cxsecurity.com

 

Back to Top