Lucene search
K

6 matches found

Drupal
Drupal
added 2014/04/02 12:0 a.m.23 views

SA-CONTRIB-2014-034 - Custom Search - Cross Site Scripting

The Custom Search module alters the default search box to provide additional search filtering options and control. Custom Search contains a persistent cross-site scripting XSS vulnerability due to the fact that it fails to sanitize filter labels before display. This vulnerability is mitigated by...

3.5CVSS5.5AI score0.00946EPSS
Exploits0References13
Drupal
Drupal
added 2013/11/06 12:0 a.m.24 views

SA-CONTRIB-2013-089 - Node Access Keys - Access Bypass

Node Access Keys helps to grant users temporary view permissions to selected content types on a per user role basis. However, it only implements hooknodeaccess and not hookqueryalter, which means any listing of nodes does not respect the node view access. CVE identifiers issued CVE-2013-4596...

5.8CVSS6.4AI score0.01218EPSS
Exploits0References9
Drupal
Drupal
added 2013/08/07 12:0 a.m.19 views

SA-CONTRIB-2013-063 - Authenticated User Page Caching (Authcache) - Information Disclosure

This module enables page caching for authenticated users. A separate version of each cacheable page is stored for each group of users with the same combination of roles. Users having the exact same role-combination like the superuser uid=1 might access cached pages generated with the superuser...

6.5CVSS6.3AI score0.01626EPSS
Exploits0References9
Drupal
Drupal
added 2011/08/31 12:0 a.m.10 views

SA-CONTRIB-2011-039 - Bot Alarm - Multiple vulnerabilities

This module enables you to set alarms for your IRC bot. The module does not properly escape the message and channels of alarms in pages listing the alarms, leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...

6.3AI score
Exploits0References12
Drupal
Drupal
added 2009/08/19 12:0 a.m.10 views

SA-CONTRIB-2009-052 - Printer, e-mail and PDF versions - Cross site scripting

The Printer, e-mail and PDF versions "Print" module provides printer-friendly versions of content. The module doesn't properly escape a number of user-supplied variables before output. A user who has the permission to add content could attempt a cross site scripting XSS attack which may in some...

6AI score
Exploits0References9
Drupal
Drupal
added 2009/03/18 12:0 a.m.19 views

SA-CONTRIB-2009-010 Plus 1 - Cross-site request forgery

The Plus 1 module provides a voting widget for content that records votes using Ajax. The URL for voting is vulnerable to cross-site request forgeries CSRF making it possible for users to unknowingly vote for content. Versions affected Versions of Plus 1 prior to 6.x-2.6 Drupal core is not...

7.1AI score
Exploits0References8
Rows per page
Query Builder