Flag Module Project

flag_module_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Flag

flag

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-14556 1Flag Module Project 1Flag Jan 23, 2026 Jan 14, 2026 4.8 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9.
CVE-2014-3453 1Flag Module Project 1Flag May 6, 2026 May 17, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitra...Show more Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2025-14556

1Flag Module Project

1Flag

Jan 23, 2026

Jan 14, 2026

4.8 MEDIUM· v4

5.4 MEDIUM· v3

N/A· v2

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9.

CVE-2014-3453

1Flag Module Project

1Flag

May 6, 2026

May 17, 2014

N/A· v4

N/A· v3

6.5 MEDIUM· v2

Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.Show less