Lucene search
K

7 matches found

Drupal
Drupal
added 2015/04/22 12:0 a.m.21 views

HybridAuth Social Login - Less Critical - Information Disclosure - SA-CONTRIB-2015-097

HybridAuth Social Login module enables you to allow visitors to authenticate or login to a Drupal site using their identities from social networks like Facebook or Twitter. The module may store user passwords in plain text. This vulnerability is mitigated by the fact that the option "Ask user for...

3.5CVSS6.3AI score0.00981EPSS
Exploits0References11
Drupal
Drupal
added 2011/06/08 12:0 a.m.10 views

SA-CONTRIB-2011-022 - Cosign - SQL Injection

Under certain conditions the module deletes uid 1 and then does an unparameterized dbquery to insert a new uid 1. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer site configuration" and must be able to remotely manipulate the web serve...

6.8AI score
Exploits0References8
Prion
Prion
added 2009/10/09 2:30 p.m.11 views

Cross site scripting

Cross-site scripting XSS vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output...

3.5CVSS5.7AI score0.00842EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2009/10/09 2:30 p.m.16 views

CVE-2009-3653

Cross-site scripting XSS vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output...

3.5CVSS5.3AI score0.00842EPSS
Exploits0References4
Drupal
Drupal
added 2009/09/30 12:0 a.m.8 views

SA-CONTRIB-2009-063 - XML sitemap - Cross Site Scripting

The XML sitemap module creates a sitemap that conforms to the sitemaps.org specification. It also allows users with the 'administer site configuration' permission to add additional custom links to be included in the sitemap. In the additional links interface, the module does not properly sanitize...

6.2AI score
Exploits0References5
Prion
Prion
added 2009/03/05 2:30 a.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is...

3.5CVSS5.7AI score0.01077EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2009/03/05 2:0 a.m.27 views

CVE-2009-0817

Cross-site scripting XSS vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is...

5.3AI score0.01077EPSS
Exploits1References8
Rows per page
Query Builder