CVE-2026-4393

A flaw was found in Drupal Automated Logout. A remote attacker could exploit a Cross-Site Request Forgery CSRF vulnerability to trick an authenticated user into performing unintended actions. This could lead to unauthorized actions being executed on behalf of the user without their consent...

EUVD-2026-16393

Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...

CVE-2026-4393

Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...

CVE-2026-4393 Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...

CVE-2026-4393 Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...

CVE-2026-4393

Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...

CVE-2026-4393

The CVE-2026-4393 issue is a CSRF vulnerability in the Drupal Automated Logout module. The Root Cause: the logout routes are not sufficiently protected against CSRF, enabling an authenticated user to trigger unintended actions. Affected software: Drupal Automated Logout module; affected versions ...

Drupal Automated Logout 安全漏洞

Drupal Automated Logout is a login logout plugin developed by the Drupal company. Versions prior to 1.7.0 and 2.0.2 of Drupal Automated Logout contained security vulnerabilities, which were due to a vulnerability that could be exploited by cross-site request forgery attacks...

Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

This module provides a site administrator the ability to log users out after a specified time of inactivity. The module doesn't sufficiently protect its routes from cross-site request forgery CSRF, allowing the logout route to be triggered without user interaction...

CVE-2009-4829

Cross-site scripting XSS vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors...

EUVD-2009-4792

Malware in sbrugna...

Drupal Automated Logout Module HTML Injection Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. An HTML injection vulnerability exists in Drupal's Automated Logout module that stems from a failure to adequately validate user input. An attacker could exploit this...

Automated Logout - Moderately critical - Cross Site Scripting - SA-CONTRIB-2017-081

This module provides a site administrator the ability to log users out after a specified time of inactivity. It is highly customizable and includes "site policies" by role to enforce log out. The module does not sufficiently filter user-supplied text that is stored in the configuration, resulting...

CVE-2009-4829

Cross-site scripting XSS vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors...

SA-CONTRIB-2009-114 - Automated Logout - Cross Site Scripting

This module provides a site administrator the ability to log users out after a specified time of inactivity. The module does not sanitize some of the user-supplied data before displaying it, leading to a cross-site scripting XSS vulnerability. Users who can take advantage of this vulnerability...