28 matches found
CVE-2015-4347
CVE-2015-4347 describes a cross-site scripting (XSS) vulnerability in Drupal’s inLinks Integration module. The issue arises from insufficient sanitization of user input in some path arguments, allowing remote attackers to inject arbitrary web script or HTML. The advisory indicates the vulnerabili...
CVE-2015-3345
SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database."...
CVE-2015-3345
The CVE-2015-3345 issue affects the Drupal PHPlist Integration Module (6.x-1.x) before 6.x-1.7. The vulnerability is an SQL injection that could allow remote administrators to execute arbitrary SQL commands via the phpList database. Root cause: the module’s integration points expose the Drupal/da...
CVE-2015-3345
SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database."...
SA-CONTRIB-2015-003 - PHPlist Integration Module - SQL Injection
The PHPlist Integration module provides an integration between a Drupal website and phpList newsletter manager. The module provides two main features: user sync and sending a node as a newsletter. The module introduces a SQL Injection vulnerability to the phpList database. The Drupal database is...
Default configuration
The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to 1 subscribing or 2 unsubscribing to...
SA-CONTRIB-2009-102 - PHPList Integration Module - Cross Site Request Forgery
The PHPList module provides a basic level of integration between Drupal and the PHPList mailing list application. The Drupal Forms API protects against cross site request forgeries CSRF, where a malicious site can cause a user to unintentionally submit a form to a site where they are authenticate...