MidnightBSD

Advisories for flag_module_project

CVE-2014-3453 MEDIUM

Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
flag_module_project flag 7.x-3.3
flag_module_project flag 7.x-3.1
flag_module_project flag 7.x-3.0
flag_module_project flag 7.x-3.x
flag_module_project flag *
flag_module_project flag 7.x-3.4
flag_module_project flag 7.x-3.2
CVE-2025-14556

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9.

Products Affected

Vendor Product Version
flag_module_project flag *