26 matches found
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 create, 2 delete, or 3 alter invoices via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML via unspecified vectors involving nodes of the "Invoice"...
CVE-2015-4381
The CVE-2015-4381 entry affects the Drupal Invoice contributed module (versions 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3). The issue is a Cross-Site Scripting (XSS) vulnerability that can be exploited by remote authenticated users who have the "Administer own invoices" permission to inje...
CVE-2015-4382
CVE-2015-4382 refers to CSRF vulnerabilities in the Drupal Invoice contributed module. Impacted versions are 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.3, allowing remote attackers to hijack the authentication of arbitrary users to perform invoices-related actions (create, delete, or alt...
CVE-2015-4381
Cross-site scripting XSS vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML via unspecified vectors involving nodes of the "Invoice"...
Drupal Invoice Module Cross-Site Request Forgery Vulnerability
Drupal is a free and open source content management system developed in PHP. A cross-site request forgery vulnerability exists in Drupal Invoice, which allows remote attackers to construct malicious URIs, trick users into parsing them, and can target user contexts to perform malicious actions...