Lucene search
K

12 matches found

OSV
OSV
added 2023/07/17 4:15 p.m.4 views

CVE-2023-37974

Cross-Site Request Forgery CSRF vulnerability in Justin Klein WP Social AutoConnect plugin = 4.6.1 versions...

8.8CVSS7.3AI score0.00208EPSS
Exploits0References1
CVE
CVE
added 2023/07/17 3:0 p.m.35 views

CVE-2023-37974

CVE-2023-37974 relates to the WordPress plugin WP Social AutoConnect (Justin Klein) version

8.8CVSS7AI score0.00208EPSS
Exploits0References1Affected Software1
Drupal
Drupal
added 2013/10/30 12:0 a.m.24 views

SA-CONTRIB-2013-085 - Feed Element Mapper - Cross Site Scripting

Feed Element Mapper is an add-on module for FeedAPI that maps elements on a feed item such as tags or the author name to taxonomy or CCK fields. The module doesn't sufficiently filter text when displaying options to users. This vulnerability is mitigated by the fact that an attacker must have a...

2.1CVSS6.4AI score0.00729EPSS
Exploits0References8
Drupal
Drupal
added 2012/01/18 12:0 a.m.18 views

SA-CONTRIB-2012-011 - Panels - Cross Site Scripting (XSS)

CVE: CVE-2012-0914 The Panels module allows a site administrator to create customized layouts for multiple uses. The module doesn't sufficiently sanitize administrator supplied data. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer pane...

4.3CVSS6.2AI score0.02361EPSS
Exploits0References10
Drupal
Drupal
added 2011/05/18 12:0 a.m.12 views

SA-CONTRIB-2011-021 - Webform - Multiple Vulnerabilities

Webform module enables you to create custom webform or survey nodes. These nodes typically may be created either by editorial teams or administrators. Webform does not sufficiently check directory access when a user configures an upload field. This may allow a user to upload malicious files to th...

6.2AI score
Exploits0References13
Drupal
Drupal
added 2011/02/16 12:0 a.m.10 views

SA-CONTRIB-2011-010 - Messaging - Cross Site Scripting

The Messaging module is a Framework to allow message sending in a channel independent way. It provides a common API for message composition and sending while allowing plug-ins for multiple messaging methods. The module does not sanitize some of the user-supplied data before displaying it, leading...

6.1AI score
Exploits0References9
Drupal
Drupal
added 2010/12/08 12:0 a.m.16 views

SA-CONTRIB-2010-109 - Embedded Media Field, Media: Video Flotsam, Media: Audio Flotsam - Multiple Vulnerabilities

1 - Arbitrary File Upload/Code Execution Vulnerability The Embedded Thumbnail module packaged with the project allows users who upload videos to upload their own thumbnails to replace The Drupal Embedded Media Field module. Unfortunately, the Embedded Thumbnail Module contains a vulnerability tha...

7.3AI score
Exploits0References12
Drupal
Drupal
added 2010/05/19 12:0 a.m.15 views

SA-CONTRIB-2010-058: Chaos tool suite - Multiple vulnerabilities

The Chaos tool suite ctools is primarily a set of APIs and tools to improve the developer experience. This module was found to have multiple vulnerabilities. Cross site scripting XSS The module did not properly sanitize node titles under certain circumstances, resulting in multiple cross-site...

7.2AI score
Exploits0References8
Drupal
Drupal
added 2009/08/19 12:0 a.m.10 views

SA-CONTRIB-2009-052 - Printer, e-mail and PDF versions - Cross site scripting

The Printer, e-mail and PDF versions "Print" module provides printer-friendly versions of content. The module doesn't properly escape a number of user-supplied variables before output. A user who has the permission to add content could attempt a cross site scripting XSS attack which may in some...

6AI score
Exploits0References9
Drupal
Drupal
added 2009/07/29 12:0 a.m.12 views

SA-CONTRIB-2009-048 - Bibliography Module - Cross Site Scripting

The Bibliography module Biblio allows users to manage and display lists of scholarly publications. The module contains a cross site scripting vulnerability because it does not properly sanitize output of titles before display. A user who has the permission to create content displayed by the...

6AI score
Exploits0References7
Drupal
Drupal
added 2008/09/25 12:0 a.m.15 views

SA-2008-058 - Brilliant Gallery - SQL Injection

The module does not properly use Drupal's database API and inserts values supplied by users directly into queries. This can be exploited by malicious users with the "access brilliantgallery" permission to perform SQL Injection attacks. These attacks may lead to the malicious user gaining...

8.5AI score
Exploits0References3
Drupal
Drupal
added 2008/09/18 12:0 a.m.13 views

SA-2008-053 - Answers - Cross site scripting

The Answers module allows a site owner to add a Questions & Answer section to the site. Unfortunately, the module does not properly escape text, which allows malicious users who are able to post answers to insert arbitrary HTML and scripts into a page. Wikipedia has more information about such...

5.8AI score
Exploits0References2
Rows per page
Query Builder