9 matches found
EUVD-2014-8578
Malware in sbrugna...
EUVD-2013-1904
Malware in sbrugna...
EUVD-2012-4412
Malware in sbrugna...
CVE-2012-4483
The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensiti...
CVE-2014-8747
CVE-2014-8747 is a cross-site scripting (XSS) vulnerability in Drupal Commons 7.x-3.x (prior to 7.x-3.9) for Drupal. The issue affects messages in the activity stream related to content creation, where unsanitized content could allow injection of arbitrary scripts/HTML. Root cause: inadequate san...
CVE-2014-8747
Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages...
SA-CONTRIB-2014-020 - Drupal Commons - Cross Site Scripting (XSS)
Drupal Commons is a ready-to-use solution for building either internal or external communities. It provides a complete social business software solution for organizations. Drupal Commons displays an "activity stream" containing messages about actions users take on the site. In some cases, message...
Design/Logic Flaw
The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensiti...
SA-CONTRIB-2012-113 - Drupal Commons - Access Bypass
Drupal Commons is a ready-to-use solution for building either internal or external communities. The Drupal Commons feature (a central module in the distribution) includes a listing of recent comments on discussions. This listing of comments is powered by a view that doesn't fully enforce node acces...