Lucene search
K

4 matches found

Drupal
Drupal
added 2015/02/25 12:0 a.m.15 views

SA-CONTRIB-2015-054 - SMS Framework - Cross Site Scripting (XSS)

SMS Framework module enables you to send and receive SMS messages from and into Drupal. The module doesn't sufficiently sanitize user supplied text in message previews, thereby exposing a reflected Cross Site Scripting vulnerability. An attacker could exploit this vulnerability by getting the...

2.6CVSS6AI score0.01178EPSS
Exploits0References9
Drupal
Drupal
added 2011/06/08 12:0 a.m.15 views

SA-CONTRIB-2011-024 - Spam - Cross Site Request Forgery (CSFR)

The Spam module provides numerous tools to auto-detect and deal with spam content that is posted to your site, without having to rely on third-party services. The Spam module provides a trainable Bayesian filter, automatic learning of spammer URLs, flagging of content with an excessive number of...

6.7AI score
Exploits0References9
Drupal
Drupal
added 2010/07/14 12:0 a.m.12 views

SA-CONTRIB-2010-074 - Drupad - Cross-site request forgery

The Drupad module is the companion module of the iPhone / iPodTouch application also called Drupad. The module doesn't check if the incoming request is made from the application, leading to a CSRF vulneraby. This vulnerability can be used to delete users and content, or set the site in offline mo...

7AI score
Exploits0References5
Drupal
Drupal
added 2009/11/04 12:0 a.m.8 views

SA-CONTRIB-2009-092 - S5 Presentation Player Cross Site Scripting

The S5 Presentation Player module enables the creation of an S5 slideshow using content from the site. The module does not properly sanitize user supplied text it includes in the HTML HEAD section, leading to a cross-site scripting XSS vulnerability. Such an attack may lead to a malicious user...

5.9AI score
Exploits0References6
Rows per page
Query Builder