5 matches found

Drupal
added 2015/03/25 12:0 a.m., 14 views

Petition - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-081

The Petition module enables you to create petitions which users may sign. The module doesn't sufficiently sanitize user-supplied text in some administration pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role...

CVSS: 2.1, AI score: 6, EPSS: 0.00949
Exploits: 0, References: 9
Drupal
added 2013/12/04 12:0 a.m., 25 views

SA-CONTRIB-2013-097 - OG Features - Access bypass

This module enables you to enable and disable bundles of functionality for individual Organic groups. In order to provide this functionality, this module must override all menu callbacks available in the system, in order to delegate access based on the current Organic group you are contextually i...

CVSS: 5.8, AI score: 6.1, EPSS: 0.01218
Exploits: 0, References: 12
Drupal
added 2011/03/16 12:0 a.m., 15 views

SA-CONTRIB-2011-013 - Tagadelic - Cross Site Scripting (XSS)

Tagadelic module offers various ways to display terms and vocabularies in a tag cloud on a page or in a block. The module does not sanitize the taxonomy vocabulary names and descriptions when displayed on listing pages or blocks, leading to a Cross-Site Scripting (XSS) vulnerability that may lead t...

AI score: 5.9
Exploits: 0, References: 10
Drupal
added 2011/02/02 12:0 a.m., 10 views

SA-CONTRIB-2011-006 - Flag Page - Cross Site Scripting (XSS)

The contributed Flag Page module provides an additional flag type that lets you flag pages, so you can bookmark any URL on your site, including views, panels, administration pages or the site contact page. The module does not sanitize the flag titles when displayed in blocks, leading to a Cross-Site...

AI score: 5.9
Exploits: 0, References: 10
Drupal
added 2010/02/17 12:0 a.m., 9 views

SA-CONTRIB-2010-018 - Content Distribution - Multiple Vulnerabilities

Content Distribution module allows calling a method to delete particular nodes using an XML-RPC call. When this method is allowed to be called by anonymous users in user permissions, an attacker might delete a random node. In addition, certain actions require Content Distribution to temporarily...

AI score: 6.9
Exploits: 0, References: 4