25 matches found
CVE-2015-5491
CVE-2015-5491 concerns the Drupal module Dynamic display block (7.x-1.x), where versions prior to 7.x-1.1 allow remote authenticated users with the administer ddblock permission to bypass access restrictions and read titles of restricted content. The root cause is improper access control in the ...
CVE-2014-9501
The CVE concerns the Drupal Poll Chart Block module (Drupal 7.x, versions prior to 7.x-1.2). The issue is an XSS vulnerability caused by insufficient sanitization of poll node titles displayed in the poll chart block, allowing remote authenticated users to inject arbitrary script/HTML. Affected p...
CVE-2012-1578
Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a...
Nuked-Klan SP4 RFI Vulnerability
No description provided by source. Title: Nuked-Klan SP4 RFI Vulnerability | Author: indoushka | Email: [email protected] | Home: Souk Naamane - 04325 - Oum El Bouaghi - Algeria...
SA-CONTRIB-2009-028 - Feed Block - Cross Site Scripting
The Feed Block module creates a block with one external syndicated article for each feed source from the selected feed category. Feed Block doesn't properly escape aggregator items, allowing users with the administer news feeds permission to inject arbitrary code into the site. Such a cross site scripting...