12 matches found
EUVD-2008-0282
Malware in sbrugna...
EUVD-2009-3345
Malware in sbrugna...
CVE-2009-3363
Cross-site scripting XSS vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."...
Cross site scripting
Cross-site scripting XSS vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."...
CVE-2009-3363
Cross-site scripting XSS vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."...
CVE-2009-3363
CVE-2009-3363 is an XSS vulnerability in the BUEditor module for Drupal. Affected are BUEditor 5.x before 5.x-1.2 and 6.x before 6.x-1.4, where input to the plain textarea editor is not properly sanitized, allowing remote attackers to inject arbitrary web script or HTML. Impact is limited to inje...
SA-CONTRIB-2009-055 - BUEditor - Cross Site Scripting
The BUEditor module provides a plain textarea editor designed to facilitate code writing. The module suffers from a Cross Site Scripting XSS vulnerability, which allows an attacker to hijack the account of a logged in user by tricking them into visiting a seemingly innocent page using the Live...
CVE-2008-0271
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete custom editor interfaces...
Cross site request forgery (csrf)
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete custom editor interfaces...
CVE-2008-0271
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete custom editor interfaces...
CVE-2008-0271
The CVE concerns the Drupal module BUEditor (version range: 4.7.x prior to 4.7.x-1.0 and 5.x prior to 5.x-1.1). The underlying issue is that the editor deletion form does not follow Drupal’s Forms API submission model, enabling a CSRF attack that can delete custom editor interfaces. Practical imp...
SA-2008-003 - BUEditor - CSRF
BUEditor is a plain textarea editor aiming to facilitate code writing. It supports completely customizable interface and button functionality via role-based editors. The Drupal Forms API protects against cross site request forgeries CSRF, where a malicous site can cause a user to unintentionally...