15 matches found
EUVD-2015-4399
Malware in sbrugna...
EUVD-2015-3410
Malware in sbrugna...
CVE-2015-4376
Cross-site scripting XSS vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-4376
The CVE-2015-4376 entry affects the Drupal Profile2 Privacy module (7.x-1.x) prior to 7.x-1.5. The vulnerability is an XSS flaw due to insufficient sanitization in the module, exploitable by remote authenticated users who have the Administer Profile2 Privacy Levels permission. The vectors are not...
CVE-2015-4376
Cross-site scripting XSS vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-3365
Cross-site scripting XSS vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block...
Cross site scripting
Cross-site scripting XSS vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block...
CVE-2015-3365
Cross-site scripting XSS vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block...
CVE-2015-3365
CVE-2015-3365 is a Drupal XSS vulnerability in the nodeauthor module. The issue arises from insufficient sanitization of Profile2 fields inside a provided block, allowing remote authenticated users to inject arbitrary web script or HTML. Affected products include the nodeauthor module (all versio...
Drupal Profile2 Privacy Module Cross-Site Scripting Vulnerability
Drupal is a developmental CMF Content Management Framework written in the PHP language. A cross-site scripting vulnerability exists in the Drupal Profile2 Privacy module. Because the program fails to properly filter user-supplied text, an attacker can exploit the vulnerability to execute arbitrar...
SA-CONTRIB-2015-080 - Profile2 Privacy - Cross Site Scripting (XSS)
Profile2 Privacy module enables you to show or hide parts of a profile2 entity based on pre-configured field sets with a title and description. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is...
SA-CONTRIB-2015-022 - nodeauthor - Cross Site Scripting (XSS) - Unsupported
This module displays node author information in a jQuery slider. The module doesn't sufficiently sanitize Profile2 fields in a provided block. This vulnerability is mitigated by the fact that an attacker must have a user account allowed to edit profile fields. CVE identifiers issued CVE-2015-3365...
SA-CONTRIB-2011-050 - Organic groups - Access bypass
Organic groups OG enables users to create and manage their own 'groups'. Each group can have subscribers, and maintains a group home page where subscribers communicate amongst themselves. OG has an API function to check access to an entity which is in a group "context". When the entity isn't in a...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the 1 skype, 2 yahoo, 3 aol, 4 msn, or 5 jabber parameter in a profile2 action. NOTE: some of these details are obtained from third...