4 matches found
SA-CONTRIB-2015-054 - SMS Framework - Cross Site Scripting (XSS)
SMS Framework module enables you to send and receive SMS messages from and into Drupal. The module doesn't sufficiently sanitize user supplied text in message previews, thereby exposing a reflected Cross Site Scripting vulnerability. An attacker could exploit this vulnerability by getting the...
SA-CONTRIB-2011-024 - Spam - Cross Site Request Forgery (CSFR)
The Spam module provides numerous tools to auto-detect and deal with spam content that is posted to your site, without having to rely on third-party services. The Spam module provides a trainable Bayesian filter, automatic learning of spammer URLs, flagging of content with an excessive number of...
SA-CONTRIB-2010-074 - Drupad - Cross-site request forgery
The Drupad module is the companion module of the iPhone / iPodTouch application also called Drupad. The module doesn't check if the incoming request is made from the application, leading to a CSRF vulneraby. This vulnerability can be used to delete users and content, or set the site in offline mo...
SA-CONTRIB-2009-092 - S5 Presentation Player Cross Site Scripting
The S5 Presentation Player module enables the creation of an S5 slideshow using content from the site. The module does not properly sanitize user supplied text it includes in the HTML HEAD section, leading to a cross-site scripting XSS vulnerability. Such an attack may lead to a malicious user...