SA-CONTRIB-2015-010 - Log Watcher - Cross Site Request Forgery (CSRF)

Log Watcher allows you to monitor your site logs in a systematic way by setting up scheduled aggregations for specific log types. The report administration links are not properly protected from CSRF. A malicious user could cause a log administrator to enable, disable, or delete a Log Watcher repo...

SA-CONTRIB-2015-012 - Jammer - Cross Site Request Forgery (CSRF)

This module enables you to hide or remove items from displaying including the node and comment preview buttons, node delete button, revision log textarea, workflow form on the workflow tab, and feed icon. The report administration links are not properly protected from CSRF. A malicious user could...

SA-CONTRIB-2011-038 - Taxonomy Views Integrator - Cross Site Scripting

This module enables you to override whole vocabularies or individual terms with the View of your choice. The module did not filter user entered term descriptions for Cross Site Scripting XSS injections. This vulnerability is mitigated by the fact that an attacker must have a role with the...

SA-CONTRIB-2009-009 Forward module can be used as a spam relay

This vulnerability allows spammers or spambots to use sites with the Forward module installed to send nearly unlimited e-mail. Due to improper use of Drupal's flood control API, it is possible for one user to send an unlimited numbers of mails using the forward module. Important note : the securi...