21 matches found
PT-2026-56662
Name of the Vulnerable Software and Affected Versions Drupal Siteimprove Analytics versions 0.0.0 through 2.0.1 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS. The module fails to sufficiently sanitize the Siteimprove Analytics identificati...
EUVD-2019-5906
Malware in sbrugna...
Simple XML sitemap - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-083
Simple XML sitemap is a SEO module that allows creating various XML sitemaps of the site's content and submitting them to search engines. The module doesn't sufficiently sanitize input when administering it, which leads to a Cross-site scripting XSS attack vector. This vulnerability is mitigated ...
CVE-2019-14769
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. This iss...
DRUPAL-CONTRIB-2025-043
Block Class enables you to add custom attributes to blocks. The module did not sufficiently sanitize custom attribute input, allowing for potential XSS attacks when malicious JavaScript was injected as a custom attribute. This vulnerability is mitigated by the fact that an attacker must have a ro...
Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2022-016
Drupal uses the Twig third-party library for content templating and sanitization. Twig has released a security update that affects Drupal. Twig has rated the vulnerability as high severity. Drupal core's code extending Twig has also been updated to mitigate a related vulnerability. Multiple...
Remote Code Execution (RCE)
cms is vulnerable to Remote Code Execution. The vulnerability exists due to the system not restricting administrative permission to save to a Local volume with the File System Path setting set to a system directory after an attacker is able to hijack an administrator's session...
CVE-2019-19901
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying certain block descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute...
CVE-2019-6339
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing fi...
Remote code execution
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing fi...
CVE-2019-6339
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing fi...
CVE-2019-6339
Removed by vendor...
drupal -- Drupal core - Arbitrary PHP code execution
Drupal Security Team reports: A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing file operations on insufficiently validated user input, thereb...
Ubuntu: Security Advisory (USN-2857-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 15.04 : linux vulnerability (USN-2857-1)
Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Note that Tenable Network Security has...
Ubuntu 15.10 : linux vulnerability (USN-2858-1)
Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Note that Tenable Network Security has...
Ubuntu 15.10 : linux-raspi2 vulnerability (USN-2858-3)
Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Note that Tenable Network Security has...
Ubuntu 14.04 LTS : Linux kernel (Wily HWE) vulnerability (USN-2858-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2858-2 advisory. Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files...
USN-2858-2: Linux kernel (Wily HWE) vulnerability
Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges...
USN-2858-1: Linux kernel vulnerability
Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges...