Frank Mably

#10101of 53,632
27.3Total CVSS
Vulnerabilities · 5
Medium
5
PT-2026-22090
4.8
2026-02-25
Drupal · Responsive Favicons · CVE-2026-3218
**Name of the Vulnerable Software and Affected Versions** Drupal Responsive Favicons versions prior to 2.0.2 **Description** A flaw exists in the Drupal Responsive Favicons module where administrator-entered text is not properly filtered, leading to a Cross-Site Scripting (XSS) issue. An attacker must possess the 'administer responsive favicons' permission to exploit this. The module adds favicons generated by `realfavicongenerator.net` to a Drupal site. The vulnerability is a type of Improper Neutralization of Input During Web Page Generation. **Recommendations** Update to version 2.0.2 or later.
PT-2026-2980
4.8
2026-01-14
Drupal · At Internet Piano Analytics · CVE-2026-0947
**Name of the Vulnerable Software and Affected Versions** Drupal AT Internet Piano Analytics versions 0.0.0 through 1.0.0 Drupal AT Internet Piano Analytics versions 2.0.0 through 2.3.0 **Description** The AT Internet Piano Analytics module for Drupal contains a Cross-Site Scripting (XSS) issue. The module does not properly filter text entered by administrators, leading to a persistent XSS condition. An attacker must have the 'administer pianoanalytics' permission to exploit this. **Recommendations** Update to version 1.0.1 or later. Update to version 2.3.1 or later.
PT-2026-6027
6.1
2026-01-14
Unknown · Drupal At Internet Smarttag · CVE-2026-0946
**Name of the Vulnerable Software and Affected Versions** Drupal AT Internet SmartTag versions prior to 1.0.1 **Description** The software contains a flaw due to improper neutralization of input during web page generation, which allows for Cross-Site Scripting (XSS). This means an attacker could potentially inject malicious scripts into web pages viewed by other users. **Recommendations** Update to version 1.0.1 or later.
PT-2025-26961
6.1
2025-06-26
Toc.Js · Toc.Js · CVE-2025-48923
Name of the Vulnerable Software and Affected Versions: Toc.Js versions 0.0.0 through 3.2.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), in Drupal Toc.Js. This allows an attacker to perform Cross-Site Scripting (XSS) attacks. Recommendations: For Toc.Js versions 0.0.0 through 3.2.1, update to version 3.2.1 or later to resolve the issue.
PT-2024-10136
5.5
2024-03-27
Tacjs · Tacjs · CVE-2024-13252
**Name of the Vulnerable Software and Affected Versions** TacJS versions 0.0.0 through 6.4.9 **Description** The issue is related to improper neutralization of input during web page generation, which allows for Cross-Site Scripting (XSS) attacks. This can enable a remote attacker to perform inter-site script attacks. **Recommendations** For versions 0.0.0 through 6.4.9, update to version 6.5.0 or later to resolve the issue.