18 matches found
EUVD-2013-0287
Malware in sbrugna...
CVE-2012-2078
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal...
Drupal UC Profile Module Information Disclosure Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. UC Profile is one of the modules used to create and configure user profiles and files. An information disclosure vulnerability exists in the Drupal UC Profile module in versions 6.x-1.x...
CVE-2015-6665
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag...
CVE-2015-6665
CVE-2015-6665 affects Drupal 7.x up to version 7.39 and the Ctools module 6.x up to 6.x-1.14. The XSS flaw resides in the Ajax handler, allowing remote attackers to inject arbitrary scripts/HTML via a whitelisted HTML element (potentially the A tag). Remediation: upgrade to Drupal 7.39 and Ctools...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or (2) email address...
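Drupal Password Policy Module Cross-Site Request Forgery and Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 51385 CVE ID: CVE-2012-1633 Drupal is an open-source CMS that can serve as a content management platform for all kinds of websites. The Drupal Password Policy module 6.x-1.x has a cross-site scripting vulnerability, which may allow remote attackers to hijack the authentication of administrator users for requests that unblock users. Drupal Password Policy 6.X-1.X Vendor patch: Drupal ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://drupal.org/...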
CVE-2011-5188
Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-5189
CVE-2011-5189 affects Drupal's Webform Validation module (versions 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1). The vulnerability is a cross-site scripting (XSS) flaw that can be triggered by remote authenticated users who have permission to update Webform nodes, allowing them to inject ar...
CVE-2012-1640
Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with "administer managesite" permissions to inject arbitrary web script or HTML via the title parameter when (1) adding or (2) updating a category...
CVE-2012-2302
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2296
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x, 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability...
SA-CONTRIB-2012-100 - SimpleMeta - Cross Site Request Forgery (CSRF)
The Simple Meta module provides a method to set meta tags, such as page title, description and keywords, for nodes, views and other pages. The module doesn't sufficiently confirm user intent when adding and deleting meta tag entries, allowing a malicious user to trick a site admin into deleting...
SA-CONTRIB-2012-051 - Activity - Multiple Vulnerabilities
The XSS issue is: CVE: CVE-2012-2078 The CSRF issue is: CVE: CVE-2012-2079 The Activity module keeps track of the things people do on your site and provides mini-feeds of these activities in blocks, in a specialized table, and via RSS. The module is extensible so that any other module can integra...
CVE-2011-4560
Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition...
CVE-2009-1738
Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items."...