101 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields...
CVE-2013-1887
The CVE affects Drupal's Views module (7.x-3.x) prior to 7.x-3.6. The vulnerability arises from insufficient sanitization of certain view configuration fields, enabling remote authenticated users with specific permissions to inject arbitrary web script or HTML (XSS). The attacker would exploit th...
SA-CONTRIB-2012-134 - Views - Privilege Escalation
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented. The module incorrectly modifies the global user object in some situations when a view has a uid argument and performs validation on...
CVE-2012-2081
The Organic Groups OG module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module...
Design/Logic Flaw
The Organic Groups OG module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module...
CVE-2011-4113
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."...
Sql injection
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."...
CVE-2011-4113
CVE-2011-4113 describes a SQL injection vulnerability in the Drupal Views module , present in versions before 6.x-2.13 . The issue allows remote attackers to execute arbitrary SQL commands via vectors related to the filters/arguments on certain types of views with specific configurations of argum...
CVE-2011-4113
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."...
Drupal Views Module Users Enumeration
This module exploits an information disclosure vulnerability in the 'Views' module of Drupal, brute-forcing the first 10 usernames from 'a' to 'z'. Drupal 6 with 'Views' module 'Drupal Views Module Users Enumeration', 'Description' = %q This module exploits an information disclosure vulnerability...
SA-CONTRIB-2011-012 - Spaces - Access bypass
The Spaces module makes sitewide configuration options available to be overridden by individual "spaces" on a Drupal site. Spaces provides a Views module access plugin that does not properly check its permission setting which may allow underprivileged users to visit certain pages. This...
FreeBSD Ports: drupal6-views
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : Drupal Views plugin -- XSS (ff8b419a-0ffa-11e0-becc-0022156e8794)
Drupal security team reports : The Views module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. Under certain circumstances, Views could display parts of the page path without escaping, resulting in a relected Cross Site Scripting XSS...
CVE-2010-4520
Multiple cross-site scripting XSS vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via 1 a URL or 2 an aggregator feed title...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via 1 a URL or 2 an aggregator feed title...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable all Views or 2 disable all Views...
Cross site scripting
Cross-site scripting XSS vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path...
CVE-2010-4520
Multiple cross-site scripting XSS vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via 1 a URL or 2 an aggregator feed title...
CVE-2010-4519
Multiple cross-site request forgery CSRF vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable all Views or 2 disable all Views...
CVE-2010-4520
The CVE-2010-4520 entry describes multiple cross-site scripting (XSS) vulnerabilities in Drupal’s Views module for 6.x releases, specifically before 6.x-2.11. The issue allows remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title. The provided docum...