11 matches found
EUVD-2009-4523
Malware in sbrugna...
EUVD-2009-4524
Malware in sbrugna...
Cross site scripting
Cross-site scripting XSS vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, t...
Code injection
The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the 1...
CVE-2009-4557
Cross-site scripting XSS vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, t...
CVE-2009-4558
The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the 1...
CVE-2009-4557
The CVE-2009-4557 entry concerns a Cross-site scripting (XSS) vulnerability in the Drupal Image Assist module. Affected releases are: 5.x-1.x before 5.x-1.8; 5.x-2.x before 2.0-alpha4; 6.x-1.x before 6.x-1.1; 6.x-2.x before 2.0-alpha4; and 6.x-3.x-dev before 2009-07-15. The issue allows remote au...
CVE-2009-4558
Affected software: Drupal Image Assist module (modules) versions 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15. Vulnerability: The module does not properly enforce privilege requirements for unspecified page...
CVE-2009-4557
Cross-site scripting XSS vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, t...
CVE-2009-4558
The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the 1...
SA-CONTRIB-2009-043 - Image Assist - Multiple vulnerabilities
The Image Assist module for Drupal 5.x and 6.x allows users to upload and insert inline images into posts. Two vulnerabilities and weaknesses were discovered in the contributed Image Assist module. Cross site scripting The node title is treated as if it was safe text, and is not escaped before...