12 matches found
CVE-2023-37974
Cross-Site Request Forgery CSRF vulnerability in Justin Klein WP Social AutoConnect plugin = 4.6.1 versions...
CVE-2023-37974
CVE-2023-37974 relates to the WordPress plugin WP Social AutoConnect (Justin Klein) version
SA-CONTRIB-2013-085 - Feed Element Mapper - Cross Site Scripting
Feed Element Mapper is an add-on module for FeedAPI that maps elements on a feed item such as tags or the author name to taxonomy or CCK fields. The module doesn't sufficiently filter text when displaying options to users. This vulnerability is mitigated by the fact that an attacker must have a...
SA-CONTRIB-2012-011 - Panels - Cross Site Scripting (XSS)
CVE: CVE-2012-0914 The Panels module allows a site administrator to create customized layouts for multiple uses. The module doesn't sufficiently sanitize administrator supplied data. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer pane...
SA-CONTRIB-2011-021 - Webform - Multiple Vulnerabilities
Webform module enables you to create custom webform or survey nodes. These nodes typically may be created either by editorial teams or administrators. Webform does not sufficiently check directory access when a user configures an upload field. This may allow a user to upload malicious files to th...
SA-CONTRIB-2011-010 - Messaging - Cross Site Scripting
The Messaging module is a Framework to allow message sending in a channel independent way. It provides a common API for message composition and sending while allowing plug-ins for multiple messaging methods. The module does not sanitize some of the user-supplied data before displaying it, leading...
SA-CONTRIB-2010-109 - Embedded Media Field, Media: Video Flotsam, Media: Audio Flotsam - Multiple Vulnerabilities
1 - Arbitrary File Upload/Code Execution Vulnerability The Embedded Thumbnail module packaged with the project allows users who upload videos to upload their own thumbnails to replace The Drupal Embedded Media Field module. Unfortunately, the Embedded Thumbnail Module contains a vulnerability tha...
SA-CONTRIB-2010-058: Chaos tool suite - Multiple vulnerabilities
The Chaos tool suite ctools is primarily a set of APIs and tools to improve the developer experience. This module was found to have multiple vulnerabilities. Cross site scripting XSS The module did not properly sanitize node titles under certain circumstances, resulting in multiple cross-site...
SA-CONTRIB-2009-052 - Printer, e-mail and PDF versions - Cross site scripting
The Printer, e-mail and PDF versions "Print" module provides printer-friendly versions of content. The module doesn't properly escape a number of user-supplied variables before output. A user who has the permission to add content could attempt a cross site scripting XSS attack which may in some...
SA-CONTRIB-2009-048 - Bibliography Module - Cross Site Scripting
The Bibliography module Biblio allows users to manage and display lists of scholarly publications. The module contains a cross site scripting vulnerability because it does not properly sanitize output of titles before display. A user who has the permission to create content displayed by the...
SA-2008-058 - Brilliant Gallery - SQL Injection
The module does not properly use Drupal's database API and inserts values supplied by users directly into queries. This can be exploited by malicious users with the "access brilliantgallery" permission to perform SQL Injection attacks. These attacks may lead to the malicious user gaining...
SA-2008-053 - Answers - Cross site scripting
The Answers module allows a site owner to add a Questions & Answer section to the site. Unfortunately, the module does not properly escape text, which allows malicious users who are able to post answers to insert arbitrary HTML and scripts into a page. Wikipedia has more information about such...