26 matches found
DRUPAL-CONTRIB-2024-072
This module provides a block that renders a link providing the functionality of a browser's back button. The module does not sufficiently escape text entered by an administrator, resulting in a cross scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a...
DRUPAL-CONTRIB-2024-058
This module enables you to add any HTML content you want in a tooltip displayed on mouse hover. The module does not sufficiently escape the markup inserted in the tooltip block. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks"...
DRUPAL-CONTRIB-2024-046
This module enables you to manage blocks from specific modules in the specific themes. The module doesn't sufficiently check permissions under the scenario when a block is added using the form "/admin/structure/block/add/plugin\id/theme" route "block.admin\add". The attacker can add the block to...
DRUPAL-CONTRIB-2023-016
The Iubenda Integration module provides a custom block to provide a link to the Iubenda privacy policy. On this block, a custom prefix and suffix text can be entered. The module does not sufficiently filter the block text fields on output, resulting in a Cross-Site Scripting XSS vulnerability. Th...
Iubenda Integration - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-016
The Iubenda Integration module provides a custom block to provide a link to the Iubenda privacy policy. On this block, a custom prefix and suffix text can be entered. The module does not sufficiently filter the block text fields on output, resulting in a Cross-Site Scripting XSS vulnerability. Th...
Context - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-049
This module enables you to conditionally display blocks in particular theme regions. The module doesn't sufficiently sanitize the title of a block as displayed in the admin UI when a site administrator edits a context block reaction. This vulnerability is mitigated by the fact that an attacker mu...
DRUPAL-CONTRIB-2020-024
This module enables you to add a configured ReadSpeaker button for text-to-speech for your site visitors. The module doesn't sufficiently sanitize block configuration causing a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role wi...
CVE-2015-5513
Cross-site scripting XSS vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login...
CVE-2015-5513
Cross-site scripting XSS vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login...
CVE-2015-5513
CVE-2015-5513 affects Drupal via the Shibboleth authentication module (versions 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2). The root cause is an XSS flaw allowing remote authenticated users with the Administer blocks permission to inject arbitrary scripts/HTML through an unspecified vecto...
CVE-2015-4367
Cross-site scripting XSS vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content...
Cross site scripting
Cross-site scripting XSS vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content...
CVE-2015-4367
Cross-site scripting XSS vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content...
Cross site scripting
Cross-site scripting XSS vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title...
CVE-2012-2070
Cross-site scripting XSS vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title...
CVE-2010-1584
Cross-site scripting XSS vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description...
Cross site scripting
Cross-site scripting XSS vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description...
CVE-2010-1584
Cross-site scripting XSS vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description...
CVE-2010-1584
The CVE-2010-1584 entry affects the Drupal Context module prior to 6.x-2.0-rc4. It describes a Cross-site scripting (XSS) vulnerability where remote authenticated users with Administer Blocks privileges can inject arbitrary script or HTML via a block description. The root cause is inadequate sani...
Drupal 6.16 With Context 6.x-2.0-rc3 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Details of this disclosure may be found at: http://www.madirish.net/?article=457 CVE-2010-1584 Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. T...