7 matches found
SA-CONTRIB-2012-073 - Glossary - Cross-Site Scripting (XSS)
CVE: CVE-2012-2339 The glossary module scans posts for glossary terms, adding an indicator. By hovering over the indicator, users may learn the definition of that term. The module does not sufficiently sanitize the taxonomy information. This leaves sites vulnerable to Cross-Site Scripting attacks...
SA-CONTRIB-2009-110 - Taxonomy Timer - SQL Injection
The Taxonomy Timer module enables users to set expiration dates for Taxonomy Terms. At the time of expiration other terms can be assigned, or nodes can be unpublished. In some cases the module does not properly sanitize user input, leading to a SQL Injection vulnerability. Such an attack may lead...
SA-CONTRIB-2009-108 - Gallery Assist - Cross Site Scripting
The Gallery Assist module provides a simple way to create image galleries on a site. The module does not sanitize node titles, leading to a Cross Site Scripting XSS vulnerability. Versions affected Gallery Assist module for Drupal 6.x prior to Gallery Assist 6.x-1.7 Drupal core is not affected. I...
SA-CONTRIB-2009-106 - Agreement - Cross Site Scripting
The Agreement module enables the display of a text-based agreement think "Terms of Service" that users of a particular role must accept before they are given access to the site. The module does not sanitize some of the user-supplied fields, leading to a Cross Site Scripting XSS vulnerability...
SA-CONTRIB-2009-098 - Zoomify - Cross Site Scripting
The Zoomify module integrates the Zoomify Flash applet into Drupal which can be used to pan and zoom on large images. Images are first preprocessed in order for Zoomify to work. The module fails to sanitize a value in the node title, leading to a Cross Site Scripting XSS vulnerability. Versions...
SA-CONTRIB-2009-080 - Simplenews Statistics - Multiple vulnerabilities
The Simplenews Statistics module provides newsletter statistics such as the open rate and CTR click-through rate. The module suffers multiple vulnerabilities, including Cross Site Request Forgeries CSRF, Cross Site Scripting problem Cross Site Scripting and Open Redirect. This problem allows an...
SA-CONTRIB-2009-009 Forward module can be used as a spam relay
This vulnerability allows spammers or spambots to use sites with the Forward module installed to send nearly unlimited e-mail. Due to improper use of Drupal's flood control API, it is possible for one user to send an unlimited numbers of mails using the forward module. Important note : the securi...