SA-CONTRIB-2010-010 - Author Contact - Cross site scripting

The Author Contact module provides a form to contact the author of the current post. The module does not properly sanitize parts of the provided block, leading to a cross-site scripting XSS vulnerability. Such an attack may lead to a malicious user gaining full administrative access. A user must...

SA-2008-043 - Outline designer - Privilege escalation

The Outline designer module provides a visual way of structuring content in books. A programming error in the module causes the current user to become authenticated as the author of the viewed content item. Versions affected Outline designer for Drupal 5.x prior to 5.x-1.4. Drupal core is not...