VYPR

Flag

by Drupal

CVEs (2)

  • CVE-2014-3453May 17, 2014
    risk 0.00cvss epss 0.02

    Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to…

  • CVE-2013-5964Sep 30, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title.