PT-2026-22087

Name of the Vulnerable Software and Affected Versions Drupal Islandora versions prior to 2.17.5 Description A flaw exists in Drupal Islandora that allows for Cross-Site Scripting XSS. The issue stems from insufficient sanitization of URI paths used in a custom route for attaching media to nodes...

EUVD-2009-1070

Malware in sbrugna...

Users without "Administer comments" can set comment visibility on nodes they can edit

More info at https://www.drupal.org/SA-CORE-2016-004...

SA-CONTRIB-2012-059 - Autosave - Cross Site Request Forgery

CVE: CVE-2012-2097 This module enables snapshots of your node edit form to be saved in the background while you are editing to help prevent the data from being lost. The module doesn't sufficiently protect against a user being tricked into submitting saved results to a node. Versions affected...

UBUNTU-CVE-2009-1553

Multiple cross-site scripting XSS vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to 1 applications/applications.jsf, 2 configuration/configuration.jsf, 3 customMBeans/customMBeans.jsf, ...

CVE-2009-1069

Multiple cross-site scripting XSS vulnerabilities in the node edit form feature in Drupal Content Construction Kit CCK 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the 1 titles of candidate referenced nodes in the Node reference...