PT-2026-44164

Name of the Vulnerable Software and Affected Versions Basket versions prior to 2.1.17 Description The Basket module, which provides e-commerce and checkout functionality for Drupal sites, fails to sufficiently sanitize user-supplied data before it is processed by the PHP unserialize function. Thi...

EUVD-2015-3427

Malware in sbrugna...

EUVD-2015-3428

Malware in sbrugna...

EUVD-2015-3426

Malware in sbrugna...

Drupal Node basket module open redirection vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Node basket is one of the modules that allows nodes to be selected from the current session store for payment operations. A security vulnerability exists in the Drupal Node basket modul...

CVE-2015-3382

Multiple cross-site request forgery CSRF vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 add or 2 remove nodes from a basket via unspecified vectors...

CVE-2015-3381

Cross-site scripting XSS vulnerability in the Node basket module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 add or 2 remove nodes from a basket via unspecified vectors...

CVE-2015-3383

CVE-2015-3383 is a Drupal Node basket module open redirect vulnerability. The linked sources describe an open redirect issue (phishing risk) in the Node basket module and indicate that it affects all versions of the module. A remediation path is to uninstall or remove the Node basket module; othe...

CVE-2015-3381

Cross-site scripting XSS vulnerability in the Node basket module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-3382

Drupal Node basket module contains CSRF vulnerabilities that can allow an attacker to hijack user sessions to add or remove nodes from a basket. Affected across versions prior to the fixes noted in the Drupal advisory; vectors are not detailed in the provided documents. Mitigation referenced: upd...

SA-CONTRIB-2015-042 - Node basket - Multiple vulnerabilities - Unsupported

Node basket module enables you to pick up nodes in a basket. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a user with permission to...