4 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2308
CVE-2012-2308 describes a Cross-Site Scripting (XSS) vulnerability in the Drupal contributed module Taxonomy Grid: Catalog for Drupal 6.x-1.6 and earlier. The issue arises because user-supplied text is not properly filtered, allowing remote authenticated users with certain permissions to inject a...
SA-CONTRIB-2010-090 - Yr Weatherdata - SQL Injection
The Yr Weatherdata module displays weather forecasts, and enables users with the proper permission to set the sort method. When setting the sorting method the module does not filter the value input by the user correctly. This vulnerability can be exploited to perform an SQL Injection attack...
CVE-2009-3488
CVE-2009-3488 describes a cross-site scripting (XSS) vulnerability in Drupal’s Bibliography (Biblio) module, version 6.x-1.6, where remote authenticated users with content-creation privileges can inject arbitrary scripts or HTML via the Title field. The connected records corroborate a related XSS...