Pathauto cross site scripting vulnerability

It is possible for a malicious user to execute XSS Cross Site Scripting by enticing a victim to click on a specially crafted link. This may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia. Versions affected Please check the CVS $Id$ fields in the file...

E-commerce Cross site scripting vulnerability

It is possible for a malicious user with the 'create products' permission to insert and execute XSS Cross Site Scripting, due to lack of validation on output. This may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia. The create products permission is...

DRUPAL-SA-2006-015: Multiple vulnerabilities in Bibliography

Unescaped input is used directly in queries, allowing malicious users to execute SQL injection attacks. This may result in administrator access. It is also possible for a malicious user to insert and execute XSS Cross Site Scripting, due to lack of validation on output. This may lead to...