5 matches found
CVE-2009-3919
Cross-site scripting XSS vulnerability in the NGP COO/CWP Integration crmngp module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information."...
Design/Logic Flaw
An administration page in the NGP COO/CWP Integration crmngp module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors...
CVE-2009-3920
An administration page in the NGP COO/CWP Integration crmngp module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors...
CVE-2009-3920
An administration page in the NGP COO/CWP Integration crmngp module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors...
SA-CONTRIB-2009-094 - NGP COO/CWP Integration (crmngp) - Multiple Vulnerabilities
The NGP COO/CWP Integration module provides Drupal integration with the NGP Software API for efficient campaign management. An administration page did not properly implement access control thereby allowing untrusted users to view module log information. User-supplied information was not filtered ...