19 matches found
EUVD-2015-3416
Malware in sbrugna...
EUVD-2015-3415
Malware in sbrugna...
EUVD-2015-3417
Malware in sbrugna...
Drupal Node Invite Module Cross-Site Request Forgery Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Node Invite is one of the modules that is similar to RSVP sending invitations via email. A cross-site request forgery vulnerability exists in the Drupal Node Invite module versions prio...
Drupal Node Invite Module Open Redirect Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Node Invite is one of the modules that is similar to RSVP sending invitations via email. An open redirection vulnerability exists in the Drupal Node Invite module versions prior to...
Drupal Node Invite Module Cross-Site Scripting Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Node Invite is one of the modules that is similar to RSVP sending invitations via email. A cross-site scripting vulnerability exists in the Drupal Node Invite module versions prior to...
CVE-2015-3372
Cross-site scripting XSS vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3371
Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter...
CVE-2015-3370
Cross-site request forgery CSRF vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "nodeinvitecanmanageinvite" permission for requests that re-enable node invitations via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "nodeinvitecanmanageinvite" permission for requests that re-enable node invitations via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
Open redirect
Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter...
CVE-2015-3372
The Drupal Node Invite module (6.x) is vulnerable prior to 6.x-2.5: an XSS flaw allows remote authenticated users to inject script/HTML via a node title. Additional issues include CSRF exposure and an open redirect vulnerability. Affected versions: Node Invite 6.x-2.x before 6.x-2.5; Drupal core ...
CVE-2015-3372
Cross-site scripting XSS vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3370
Cross-site request forgery CSRF vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "nodeinvitecanmanageinvite" permission for requests that re-enable node invitations via unspecified vectors...
CVE-2015-3370
CVE-2015-3370 — Drupal Node Invite CSRF : A CSRF in the Drupal Node Invite module (6.x prior to 6.x-2.5) allows remote attackers to hijack the authentication of users who have the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via unspecified vectors. Affe...
CVE-2015-3371
The CVE-2015-3371 Open Redirect vulnerability affects the Drupal Node Invite module up to 6.x-2.x, specifically versions prior to 6.x-2.5. The issue arises from the destination parameter, allowing remote attackers to redirect users to arbitrary websites, enabling phishing. Affected component: Nod...
SA-CONTRIB-2015-032 - Node Invite - Multiple vulnerabilities
Node Invite module enables you to invite people to RSVP on node types that have been configured to represent events. The module doesn't sufficiently sanitize the titles of nodes in some listings, allowing a malicious user to inject code, thereby leading to a Cross Site Scripting XSS vulnerability...
SA-CONTRIB-2011-037- Node Invite - Cross Site Scripting
The Node Invite module allows you to invite users with existing accounts or otherwise to specified nodes on a Drupal site. This module does not properly use t strings to ensure all text was sanitized when data was output through a formseterror message, thus creating a Cross Site Scripting XSS...