Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Ubercart Discount Coupons module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
https://www.drupal.org/node/2438357 | patch |
https://www.drupal.org/node/2445953 | vendor advisory |
http://www.openwall.com/lists/oss-security/2015/04/25/6 | mailing list |
http://www.securityfocus.com/bid/72947 | vdb entry |