CVE-2026-0748

A flaw was found in the Drupal 7 Internationalization i18n module, specifically within its i18nnode submodule. A user possessing both "Translate content" and "Administer content translations" permissions can exploit this vulnerability. By utilizing the translation user interface UI and its...

CVE-2022-35131

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles...

EUVD-2009-4481

Malware in sbrugna...

EUVD-2014-8979

Malware in sbrugna...

EUVD-2015-4398

Malware in sbrugna...

EUVD-2015-6599

Malware in sbrugna...

EUVD-2012-1093

Malware in sbrugna...

EUVD-2013-1919

Malware in sbrugna...

GHSA-WW2V-FRV5-PJ5X Joplin is vulnerable to arbitrary code execution

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles...

Joplin is vulnerable to arbitrary code execution

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles...

CVE-2022-35131

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles...

CVE-2022-35131

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles...

CVE-2022-35131

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles...

Design/Logic Flaw

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles...

CVE-2022-35131

CVE-2022-35131 affects Joplin v2.8.8, enabling arbitrary command execution via a crafted payload injected into Node titles. The root cause is unsafe handling of user input in the UI, specifically unescaped input passed to dangerouslySetInnerHTML in GotoAnything.tsx. Several sources corroborate an...

CVE-2022-35131

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles...

Drupal Panopoly Core Module Cross-Site Scripting Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in Drupal's Panopoly Core module that stems from not properly handling partial node titles. The vulnerability can be exploited ...

Panopoly Core - Moderately critical - Cross Site Scripting - SA-CONTRIB-2017-093

This module provides common functionality used by other modules in the Panopoly distribution and child distributions, like, Open Atrium. The module doesn't sufficiently filter node titles used in breadcrumbs when the "Append Page Title to Site Breadcrumb" setting is enabled. This vulnerability is...

html_title - Unsupported - SA-CONTRIB-2017-059

The HTML Title module allows a limited set of HTML markup em, sub, sup, b, i, strong, cite, code, bdi, wbr to be used in node titles. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like ...

[SECURITY] Fedora 25 Update: drupal7-title-1.0-0.7.alpha9.fc25

While working on the new content translation system http://api.drupal.org/api/group/fieldlanguage/7 for Drupal 7, we the Dr upal core i18n team faced the need to convert node titles to the Field API in o rder to make nodes fully translatable. We were not able to make this happen in Drupal 7 core ...