Drupal Project Issue File Review模块HTML注入漏洞

Bugtraq ID:65830 Drupal是一套开放源码的内容管理平台。 Drupal Project Issue File Review存在跨站脚本漏洞，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。 0 Drupal Project Issue File Review 6.x-2.0 厂商补丁： Drupal ----- Drupal Project Issue File Review 6.x-2.17已经修复该漏洞，建议用户下载更新： http://drupal.org/project/projectissuefilerev...

SA-CONTRIB-2012-100 - SimpleMeta - Cross Site Request Forgery (CSRF)

The Simple Meta module provides a method to set meta tags, such as page title, description and keywords for nodes, views and other pages. The module doesn't sufficiently confirm user intent when adding and deleting meta tag entries allowing a malicious user to trick a site admin into deleting...

Drupal Context module < 6.x-2.0-rc4 HTML Injection

Binary data 5532.prm...

SA-CONTRIB-2010-029: Keys - Cross-site Request Forgery

The Keys module provides management of various API keys. The module is vulnerable to cross-site request forgeries CSRF via the keys delete form. This would allow a malicious user to trick an admin with the "administer keys" permission into deleting keys by directing them to the url via link or...