12 matches found

Drupal | added 2017/08/09 12:00 a.m. | 17 views

Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066

This module provides a Facebook Like button on node pages and blocks. The module does not sufficiently sanitize output when configured to use custom css rules. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer fblikebutton". CVE...

AI score: 7 | Exploits: 0 | References: 13
Drupal | added 2017/05/10 12:00 a.m. | 17 views

Drupal Remote Dashboard - Critical - Weak encryption keys - SA-CONTRIB-2017-046

UPDATE 2017-07-12 : This SA originally only mentioned the Drupal 8 version of the module, but it was later discovered that this issue affected the Drupal 7 version as well. We've updated the SA for the Drupal 7 security release. Sorry for the confusion! This module enables you to remotely access...

AI score: 7.2 | Exploits: 0 | References: 10
Drupal | added 2017/02/08 12:00 a.m. | 19 views

Wetkit Omega - Moderately Critical - Access Bypass - SA-CONTRIB-2017-012

WetKit Omega 4.x is a modern, Sass and Compass enabled Drupal 7 theme powered by the Omega base theme. When using the Drupal page cache, some links intended for privileged users can get cached and displayed to users who shouldn't have access to them. This is mitigated by the fact that the...

AI score: 7 | Exploits: 0 | References: 15
Drupal | added 2017/02/08 12:00 a.m. | 9 views

Facebook Pull - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-011

This module enables you to add integration with the Facebook API. The module doesn't sufficiently sanitize incoming data from Facebook. This vulnerability is mitigated by the fact that an attacker must be able to successfully pass malicious code through the Facebook API or alter Facebook's DNS and...

AI score: 7.2 | Exploits: 0 | References: 14
Drupal | added 2016/11/02 12:00 a.m. | 14 views

D8 Editor File upload - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-059

This module enables you to upload files directly within the CKEditor and create a link to download the given file. The module doesn't sufficiently check the uploaded file extensions when the allowed extensions list is not the default one. This vulnerability is mitigated by the fact that an attack...

AI score: 7 | Exploits: 0 | References: 12
Drupal | added 2016/09/21 12:00 a.m. | 641 views

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004

Users without "Administer comments" can set comment visibility on nodes they can edit (Less critical). Users who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the "administer comments" permission. Cross-site Scripting in http...

CVSS: 6.1 | AI score: 5.1 | EPSS: 0.01716
Exploits: 0 | References: 23
Drupal | added 2016/05/25 12:00 a.m. | 17 views

XML Sitemap - Moderately Critical - XSS - SA-CONTRIB-2016-030

The XML Sitemap module enables you to create sitemaps which help search engines to more intelligently crawl a website and keep their results up to date. The module doesn't sufficiently filter the URL when it is displayed in the sitemap. This vulnerability is mitigated if the setting for "Include ...

AI score: 7.1 | Exploits: 0 | References: 12
Drupal | added 2016/01/06 12:00 a.m. | 19 views

Field Group - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-001

The Field Group module enables you to group fields on entity forms and entity displays. When adding an HTML element as a group, the user has the option to add custom HTML attributes on the group. Via this option, a malicious user can embed scripts within the page, resulting in a Cross-site Scripting (XSS)...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00619
Exploits: 0 | References: 10
Drupal | added 2015/07/15 12:00 a.m. | 26 views

Path Breadcrumbs - Less Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-133

This module enables you to configure breadcrumbs for any Drupal page. The module didn't sufficiently filter user input values in the administration interface. This vulnerability was mitigated by the fact that an attacker must have a role with the permission "Administer Path Breadcrumbs". CVE...

CVSS: 2.1 | AI score: 6.3 | EPSS: 0.00744
Exploits: 0 | References: 10
Drupal | added 2014/08/13 12:00 a.m. | 28 views

SA-CONTRIB-2014-077 - TableField - Cross Site Scripting (XSS)

This module enables you to create a field attached to an entity which stores tabular data. The module doesn't sufficiently sanitize the field help text when presented to a privileged user. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...

CVSS: 3.5 | AI score: 6.3 | EPSS: 0.00946
Exploits: 0 | References: 9
Drupal | added 2014/04/30 12:00 a.m. | 11 views

SA-CONTRIB-2014-048 - Field API Pane Editor (FAPE) - Access bypass

This module adds a contextual menu to fields which are added to an entity display in Panels, allowing individual fields to be directly edited via a separate page or, if it is enabled, the Overlay module. The module doesn't sufficiently verify the user has access to modify the entity the field is...

AI score: 5.8 | Exploits: 0 | References: 13
Drupal | added 2014/02/05 12:00 a.m. | 20 views

SA-CONTRIB-2014-012 - Modal Frame API - Cross Site Scripting (XSS)

This module provides an API to render an iframe within a modal dialog based on the jQuery UI Dialog plugin. You should not install this module unless another module requires you to, or you wish to use it for your own custom modules. The module doesn't sufficiently filter user supplied tex...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01792
Exploits: 0 | References: 9