EUVD-2012-2297

Malware in sbrugna...

EUVD-2015-3406

Malware in sbrugna...

DRUPAL-CONTRIB-2021-042

Linkit provides an easy interface for internal and external linking with WYSIWYG editors by using an autocomplete field. It does not sufficiently sanitize user input. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create or edit an entity bund...

Drupal Linkit Module Access Bypass Vulnerability

Drupal is a free and open source content management system developed in PHP. An access bypass vulnerability exists in the Drupal Linkit module. An attacker can exploit this vulnerability to perform unauthorized operations bypassing some security restrictions...

CVE-2015-3361

Cross-site scripting XSS vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title...

Cross site scripting

Cross-site scripting XSS vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title...

CVE-2015-3361

The CVE-2015-3361 issue affects the Drupal Linkit module for Drupal 7.x (versions before 7.x-2.7 and 7.x-3.x before 7.x-3.3) when the node search plugin is enabled. It arises from insufficient sanitization of node titles in the search results list, allowing remote authenticated users to inject ar...

SA-CONTRIB-2015-009 - Linkit - Cross Site Scripting (XSS)

Linkit provides an easy interface for internal and external linking with wysiwyg editors and fields by using an autocomplete field. The module doesn't sufficiently sanitize node titles in the result list if the node search plugin is enabled. This vulnerability is mitigated by the fact that an...

CVE-2012-2304

The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors...

Code injection

The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVE-2012-2304

The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVE-2012-2304

CVE-2012-2304 concerns the Linkit module for Drupal (7.x-2.x series). The issue occurs when using an entity access module: during entity searches, Linkit did not enforce access restrictions, allowing remote attackers to view information about content they normally should not access. Affected vers...