MidnightBSD

Advisories for password_policy_project

CVE-2015-4387 LOW

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a crafted username that is imported from an external source.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
password_policy_project password_policy 6.x-1.10
password_policy_project password_policy 7.x-1.5
password_policy_project password_policy 7.x-1.3
password_policy_project password_policy 7.x-1.6
password_policy_project password_policy 6.x-1.5
password_policy_project password_policy 6.x-1.8
password_policy_project password_policy 7.x-1.7
password_policy_project password_policy 7.x-1.1
password_policy_project password_policy 7.x-1.10
password_policy_project password_policy 7.x-1.0
password_policy_project password_policy 6.x-1.2
password_policy_project password_policy 6.x-1.7
password_policy_project password_policy 7.x-1.8
password_policy_project password_policy 7.x-1.4
password_policy_project password_policy 6.x-1.1
password_policy_project password_policy 6.x-1.9
password_policy_project password_policy 6.x-1.6
password_policy_project password_policy 7.x-1.2
password_policy_project password_policy 7.x-1.9
password_policy_project password_policy 6.x-1.4
password_policy_project password_policy 6.x-1.0
password_policy_project password_policy 6.x-1.3