3 matches found
CVE-2015-3387
The CVE-2015-3387 entry applies to Drupal's contributed Taxonomy Tools module prior to 7.x-1.4. The vulnerability is an XSS flaw allowing remote authenticated users to inject arbitrary script or HTML via (1) node titles or (2) taxonomy term titles. Affected versions are Taxonomy Tools 7.x-1.x bef...
SA-CONTRIB-2013-027 - Professional theme - Cross Site Scripting (XSS)
This third-party contributed theme changes Drupal's interface. The theme doesn't properly sanitize user-entered content in the 3 slide gallery on the homepage, leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker would have to have the...
SA-CONTRIB-2011-054 - CKEditor - Access bypass
The CKEditor module allows Drupal to replace textarea fields with the CKEditor, a visual HTML editor, sometimes called a WYSIWYG editor. The module doesn't protect private files appropriately. Private files can be downloaded by anyone able to guess their URL. CVE identifiers issued CVE-2011-4972...