14 matches found
PT-2023-9865 · Unknown · Email Registration
Name of the Vulnerable Software and Affected Versions: Email Registration versions 5.x-2.1 Description: A critical issue affects the email registration user function of the email registration.module file. The manipulation of the namenew argument leads to SQL injection. The attack can be initiated...
GHSA-QP8Q-GWF5-HQH2 Drupal Cross-Site Scripting vulnerability
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display...
GHSA-HCQ9-HMGF-6QR9 Drupal SQL Injection vulnerability
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names...
Drupal SQL Injection vulnerability
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names...
Drupal Cross-Site Scripting vulnerability
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display...
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names...
Sql injection
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names...
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names...
CVE-2011-2715
Drupal 6.20 with Data 6.x-1.0-alpha14 is affected by an SQL Injection vulnerability caused by insufficient sanitization of table names or column names. The flaw can compromise data confidentiality and integrity (per CVE description). The connected records corroborate this issue across multiple so...
CVE-2011-2714
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display...
SA-CONTRIB-2011-039 - Bot Alarm - Multiple vulnerabilities
This module enables you to set alarms for your IRC bot. The module does not properly escape the message and channels of alarms in pages listing the alarms, leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...
SA-CONTRIB-2010-087 - GovDelivery - Cross site scripting
The GovDelivery module provides integration with the GovDelivery On-Demand Mailer service, a web service for GovDelivery customers that sends messages directly based on configured account information. The module replaces the backend of SMTP library in your Drupal site with calls to the GovDeliver...
Cross site scripting
Cross-site scripting XSS vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page...
Cross site scripting
Cross-site scripting XSS vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...