Site Documentation Project: >> Site Documentation >> 5.x-1.6 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
CVSS Score
3.5
EPSS Score
0.002
Published
2015-06-15
The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.
CVSS Score
5.0
EPSS Score
0.008
Published
2008-05-16