SA-CONTRIB-2010-009 - Block Class - Cross Site Scripting

Block Class module allows users to add classes to any block through the block's configuration interface. This release includes a fix for a cross-site scripting XSS vulnerability through which JavaScript could be inserted in the class field of a block's configuration interface. Versions affected...

XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1)

XSS Vulnerability in Drupal's Node Blocks contributed module 6.x-1.3 and 5.x-1.1 Discovered by Martin Barbella [email protected] Description of Vulnerability: ----------------------------- Drupal is a free software package that allows an individual or a community of users to easily publish,...

SA-2008-070 - Comment Mail - Cross site request forgery

The Comment Mail module allows an email to be sent to the site administrators when new comments are posted. Links in the email allow for quick approval, editing, deletion of the comment and/or banning of the poster's IP address. Unfortunately some links are vulnerable to cross site request...

SA-2008-032 - Magic Tabs - Arbitrary code execution

Magic Tabs provides an implementation of tabs filled via AJAX requests. Malicious users are able to run arbitrary PHP code via URL arguments to Magic Tabs as it does not provide a whitelist of callbacks. Versions affected Magic Tabs for Drupal 5.x prior to Magic Tabs 5.x-1.1 Drupal core is not...

SA-2007-032 - Shoutbox - Cross site scripting

Message sent from the Shoutbox block, where visitors can quickly post short messages, are not properly sanitized in a number of cases. This allows malicious users to inject arbitrary HTML and script code into the block. Learn more about cross site scripting on Wikipedia. Versions affected Shoutbo...