Scor

**Name of the Vulnerable Software and Affected Versions** E-Publish versions 5.x through 5.x-1.1 E-Publish versions 6.x through 6.x-1.0 beta1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For E-Publish versions 5.x through 5.x-1.1, update to version 5.x-1.1 or later. For E-Publish versions 6.x through 6.x-1.0 beta1, update to version 6.x-1.0 beta1 or later.

**Name of the Vulnerable Software and Affected Versions** E-Publish versions 5.x before 5.x-1.1 E-Publish versions 6.x before 6.x-1.0 beta1 **Description** A cross-site request forgery issue allows remote attackers to perform unauthorized actions as other users via unspecified vectors. **Recommendations** For E-Publish versions 5.x before 5.x-1.1, update to version 5.x-1.1 or later. For E-Publish versions 6.x before 6.x-1.0 beta1, update to version 6.x-1.0 beta1 or later.

**Name of the Vulnerable Software and Affected Versions** BUEditor versions 4.7.x through 4.7.x-1.0 BUEditor versions 5.x through 5.x-1.1 **Description** The issue allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces due to the editor deletion form not following Drupal's Forms API submission model. **Recommendations** For BUEditor versions 4.7.x through 4.7.x-1.0, update to version 4.7.x-1.0 or later. For BUEditor versions 5.x through 5.x-1.1, update to version 5.x-1.1 or later.