Lucene search
K

7 matches found

Drupal
Drupal
added 2012/05/09 12:0 a.m.30 views

SA-CONTRIB-2012-073 - Glossary - Cross-Site Scripting (XSS)

CVE: CVE-2012-2339 The glossary module scans posts for glossary terms, adding an indicator. By hovering over the indicator, users may learn the definition of that term. The module does not sufficiently sanitize the taxonomy information. This leaves sites vulnerable to Cross-Site Scripting attacks...

4.3CVSS5.8AI score0.01647EPSS
Exploits0References11
Drupal
Drupal
added 2009/11/25 12:0 a.m.15 views

SA-CONTRIB-2009-110 - Taxonomy Timer - SQL Injection

The Taxonomy Timer module enables users to set expiration dates for Taxonomy Terms. At the time of expiration other terms can be assigned, or nodes can be unpublished. In some cases the module does not properly sanitize user input, leading to a SQL Injection vulnerability. Such an attack may lead...

8.2AI score
Exploits0References7
Drupal
Drupal
added 2009/11/18 12:0 a.m.11 views

SA-CONTRIB-2009-108 - Gallery Assist - Cross Site Scripting

The Gallery Assist module provides a simple way to create image galleries on a site. The module does not sanitize node titles, leading to a Cross Site Scripting XSS vulnerability. Versions affected Gallery Assist module for Drupal 6.x prior to Gallery Assist 6.x-1.7 Drupal core is not affected. I...

6.3AI score
Exploits0References6
Drupal
Drupal
added 2009/11/18 12:0 a.m.15 views

SA-CONTRIB-2009-106 - Agreement - Cross Site Scripting

The Agreement module enables the display of a text-based agreement think "Terms of Service" that users of a particular role must accept before they are given access to the site. The module does not sanitize some of the user-supplied fields, leading to a Cross Site Scripting XSS vulnerability...

6.3AI score
Exploits0References6
Drupal
Drupal
added 2009/11/04 12:0 a.m.15 views

SA-CONTRIB-2009-098 - Zoomify - Cross Site Scripting

The Zoomify module integrates the Zoomify Flash applet into Drupal which can be used to pan and zoom on large images. Images are first preprocessed in order for Zoomify to work. The module fails to sanitize a value in the node title, leading to a Cross Site Scripting XSS vulnerability. Versions...

6.4AI score
Exploits0References7
Drupal
Drupal
added 2009/10/21 12:0 a.m.13 views

SA-CONTRIB-2009-080 - Simplenews Statistics - Multiple vulnerabilities

The Simplenews Statistics module provides newsletter statistics such as the open rate and CTR click-through rate. The module suffers multiple vulnerabilities, including Cross Site Request Forgeries CSRF, Cross Site Scripting problem Cross Site Scripting and Open Redirect. This problem allows an...

6AI score
Exploits0References6
Drupal
Drupal
added 2009/03/11 12:0 a.m.18 views

SA-CONTRIB-2009-009 Forward module can be used as a spam relay

This vulnerability allows spammers or spambots to use sites with the Forward module installed to send nearly unlimited e-mail. Due to improper use of Drupal's flood control API, it is possible for one user to send an unlimited numbers of mails using the forward module. Important note : the securi...

7.1AI score
Exploits0References3
Rows per page
Query Builder