43 matches found
CVE-2009-0603
Cross-site scripting XSS vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter aka the Help field. NOTE: some of these details are...
CVE-2009-0603
The CVE-2009-0603 entry concerns a Cross-site Scripting (XSS) vulnerability in the Drupal Link module 5.x-2.5 for Drupal 5.10 (index.php). The underlying issue allows remote authenticated users who have the "administer content types" privilege to inject arbitrary script/HTML via the description p...
Spaiz-Nuke/PHP-nuke multiple bugs
SQL injection during authentication, SQL injection in web-link module, SQL injection in download module, access with encrypted password...