17 matches found
EUVD-2009-2071
Malware in sbrugna...
EUVD-2009-2070
Malware in sbrugna...
CVE-2009-2075
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors...
CVE-2009-2074
Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names...
Nodequeue - Critical - Cross Site Scripting - SA-CONTRIB-2019-085
Updated November 22. This module enables you to collect nodes in an arbitrarily ordered list. Nodequeue's JavaScript can be leveraged to insert HTML from attacker-controlled JSON data. This is exploitable if user-submitted "Filtered HTML" content is displayed on a page where nodequeue.js is loade...
SA-CONTRIB-2009-095 - Smartqueue OG - Access Bypass
The Smartqueueog module uses Nodequeue's Smartqueue API to provide a Nodequeue for organic groups which is editable by members of that group or the group's administrators. Users with the "administer nodequeue" permission have the option to batch create subqueues individual instances of a queue fo...
SA-CONTRIB-2009-041 - Nodequeue - Access bypass
The Nodequeue module enables an administrator to arbitrarily put nodes in a group with an arbitrary order for any purpose, such as providing a listing of nodes or featuring a particular node. On the queue administration screen, users with permission to manipulate a queue are presented with an...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names...
CVE-2009-2075
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors...
Design/Logic Flaw
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors...
CVE-2009-2074
Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names...
CVE-2009-2075
CVE-2009-2075 concerns the Drupal Nodequeue module (5.x before 5.x-2.7 and 6.x before 6.x-2.2). The description states it does not properly restrict access when displaying node titles. The provided documents do not specify the exact root cause, affected files or functions, or concrete attack vect...
CVE-2009-2074
Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names...
CVE-2009-2074
CVE-2009-2074 is a cross-site scripting (XSS) vulnerability in the Drupal module Nodequeue. The issue affects Nodequeue versions 5.x before 5.x-2.7 and 6.x before 6.x-2.2. It allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocab...
CVE-2009-2075
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors...
PT-2009-4527 · Drupal · Nodequeue
Name of the Vulnerable Software and Affected Versions: Nodequeue versions 5.x before 5.x-2.7; Nodequeue versions 6.x before 6.x-2.2. Description: A cross-site scripting (XSS) issue allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via...
SA-CONTRIB-2009-038 - Nodequeue - Multiple vulnerabilities
The Nodequeue module enables an administrator to arbitrarily put nodes in a group for some purpose, such as providing a listing of nodes or featuring a particular node. It suffers from a cross-site scripting (XSS) vulnerability due to not properly sanitizing vocabulary names before they are...