XML Sitemap - Moderately Critical - XSS - SA-CONTRIB-2016-030
The XML Sitemap module enables you to create sitemaps which help search engines to more intelligently crawl a website and keep their results up to date. The module doesn't sufficiently filter the URL when it is displayed in the sitemap. This vulnerability is mitigated if the setting for "Include ...
SA-CONTRIB-2012-104 - Privatemsg - Cross Site Scripting (XSS)
The Privatemsg module allows users to send private messages to each other. The module doesn't sufficiently sanitize user names when creating messages. This vulnerability is mitigated by the fact that it is not possible to create insecure user names through the default user interface. The...
SA-CONTRIB-2012-103 - Global Redirect - Open Redirect
This module improves SEO and usability of a site by redirecting visitors to user-friendly and search-engine-friendly URLs. The module does not sufficiently validate that a destination URL is internal to the site, allowing an attacker to disguise a malicious destination address as a query paramete...
SA-CONTRIB-2012-063 - RealName - Cross Site Scripting (XSS)
CVE: CVE-2012-2298 This module allows you to set a pattern for constructing "Real names" for users out of profile fields. The module does not sufficiently escape users' real names under certain circumstances which could lead to a Cross-Site Scripting XSS attack. Versions affected RealName 6.x-1.x...
SA-CONTRIB-2010-102 - Category tokens - Cross Site Scripting
The Category tokens module exposes additional tokens for the first and last terms related to a node for each vocabulary. The module does not sanitize the vocabulary names when displayed in token help, leading to a Cross-Site Scripting XSS vulnerability that may lead to a malicious user gaining fu...
SA-CONTRIB-2009-063 - XML sitemap - Cross Site Scripting
The XML sitemap module creates a sitemap that conforms to the sitemaps.org specification. It also allows users with the 'administer site configuration' permission to add additional custom links to be included in the sitemap. In the additional links interface, the module does not properly sanitize...
SA-CONTRIB-2009-061 - Markdown Preview - Cross Site Scripting
The Markdown Preview module provides a live preview pane that displays the rendered HTML output of your Markdown input. When displaying the live preview, the module does not properly escape user entered data, leading to a cross-site scripting XSS vulnerability. Such an attack may lead to a...