13 matches found
EUVD-2006-4634
Malware in sbrugna...
Drupal Multiple Vulnerabilities (SA-CORE-2023-002, SA-CORE-2023-003) - Linux
Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...
Drupal Multiple Vulnerabilities (SA-CORE-2023-002, SA-CORE-2023-003) - Windows
Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...
Drupal 9.4.x < 9.4.12 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...
DRUPAL-CORE-2023-003
The language module provides a Language switcher block which can be placed to provide links to quickly switch between different languages. The URL of unpublished translations may be disclosed. When used in conjunction with a module like Pathauto, this may reveal the title of unpublished content...
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003
The language module provides a Language switcher block which can be placed to provide links to quickly switch between different languages. The URL of unpublished translations may be disclosed. When used in conjunction with a module like Pathauto, this may reveal the title of unpublished content...
Drupal 7.x < 7.95 / 9.4.x < 9.4.12 / 9.5.x < 9.5.5 / 10.x < 10.0.5 Multiple Vulnerabilities (drupal-2023-03-15)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5, or 10.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities. - Drupal core provides a page that outputs the markup...
SA-CONTRIB-2010-085 - Pathauto - Cross Site Scripting
The Pathauto module automatically generates path aliases for various kinds of content nodes, categories, users without requiring the user to manually specify the path alias. It also provides additional tokens that can be used in URL alias patterns and anywhere else that the Token API is used. The...
CVE-2006-4646
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2006-4646
CVE-2006-4646 is a cross-site scripting (XSS) vulnerability in the Drupal Pathauto module (Drupal 4.7) before pathauto_node.inc 1.17.2.1 and Drupal 4.6 before pathauto_node.inc 1.14.2.1. The flaw allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected comp...
CVE-2006-4646
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
[SA21779] Drupal Pathauto Module Cross-Site Scripting Vulnerability
TITLE: Drupal Pathauto Module Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA21779 VERIFY ADVISORY: http://secunia.com/advisories/21779/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Pathauto 4.x module for Drupal http://secunia.com/product/11864/...
Pathauto cross site scripting vulnerability
It is possible for a malicious user to execute XSS (Cross Site Scripting) by enticing a victim to click on a specially crafted link. This may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia. Versions affected Please check the CVS $Id$ fields in the file...