MidnightBSD

Advisories for mediafront

CVE-2013-4380 LOW

Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary web script or HTML via the preset settings.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
mediafront mediafront 6.x-1.1
mediafront mediafront 6.x-1.0
mediafront mediafront 7.x-1.3
mediafront mediafront 7.x-1.5
mediafront mediafront 7.x-2.x
mediafront mediafront 7.x-1.1
mediafront mediafront 6.x-1.x
mediafront mediafront 6.x-1.2
mediafront mediafront 6.x-1.3
mediafront mediafront 7.x-1.4
mediafront mediafront 7.x-2.0
mediafront mediafront 7.x-1.0
mediafront mediafront 6.x-1.5
mediafront mediafront 7.x-1.x
mediafront mediafront 7.x-1.2