Lucene search
K

37 matches found

OSV
OSV
added 2021/01/01 1:15 a.m.5 views

CVE-2018-25002

uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy...

8.8CVSS5.8AI score0.01417EPSS
Exploits0References3
Prion
Prion
added 2021/01/01 1:15 a.m.20 views

Code injection

uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy...

6.5CVSS8.7AI score0.01417EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/12/31 11:27 p.m.91 views

CVE-2018-25002

CVE-2018-25002 affects the Drupal KCFinder integration (uploader.php) through 2018-06-01, where input validation is mishandled. The issue originates from the KCFinder integration project and is associated with SA-CONTRIB-2018-024. NVD lists CVSS v3.1 base score 8.8 (HIGH) with NETWORK attack vect...

8.8CVSS8.6AI score0.01417EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/06/03 12:0 a.m.10 views

Fedora 30 : drupal7-xmlsitemap (2019-0b26efb6b8)

https://www.drupal.org/project/xmlsitemap/releases/7.x-2.6 - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.5 - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.4 - Moderately critical - Information Disclosure - SA-CONTRIB-2018-053 -...

5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/06/03 12:0 a.m.16 views

Fedora 29 : drupal7-ds (2019-5258ea8ae2)

https://www.drupal.org/project/ds/releases/7.x-2.16 - https://www.drupal.org/project/ds/releases/7.x-2.15 - Critical - Cross site scripting XSS - SA-CONTRIB-2018-019 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website...

5.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/06/03 12:0 a.m.12 views

Fedora 29 : drupal7-xmlsitemap (2019-f219dbb548)

https://www.drupal.org/project/xmlsitemap/releases/7.x-2.6 - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.5 - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.4 - Moderately critical - Information Disclosure - SA-CONTRIB-2018-053 -...

5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/06/03 12:0 a.m.10 views

Fedora 30 : drupal7-uuid (2019-e454116a1a)

https://www.drupal.org/project/uuid/releases/7.x-1.2 - https://www.drupal.org/project/uuid/releases/7.x-1.1 - Moderately critical - Arbitrary file upload - SA-CONTRIB-2018-045 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...

5.5AI score
Exploits0References2
Drupal
Drupal
added 2018/12/05 12:0 a.m.14 views

Password Policy - Less critical - Denial of Service - SA-CONTRIB-2018-077

The Password Policy module makes it possible to set constraints on user passwords which disallow certain passwords. The "digit placement" constraint is vulnerable to Denial of Service attacks if an attacker submits specially crafted passwords which can cause a site to become unresponsive. This...

6.4AI score
Exploits0References5
Drupal
Drupal
added 2018/12/05 12:0 a.m.10 views

Responsive Menus - Moderately critical - Cross site scripting - SA-CONTRIB-2018-079

This module enables you to collapse your sites main menu on mobile, and show a menu toggle button. The module doesn't sufficiently sanitize configuration settings provided by users which leads to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacke...

5.9AI score
Exploits0References5
Drupal
Drupal
added 2018/11/28 12:0 a.m.21 views

Bootstrap - Moderately critical - Cross site scripting - SA-CONTRIB-2018-074

This base theme bridges the gap between Drupal and the Bootstrap Framework. The theme doesn't sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips. This vulnerability is mitigated by the fact that an attacker must already have the ability to either:...

5.9AI score
Exploits0References12
Drupal
Drupal
added 2018/10/31 12:0 a.m.17 views

Session Limit - Critical - Insecure Session Management - SA-CONTRIB-2018-072

The session limit module enables a site administrator to set a policy around the number of active sessions users of the site may have. This is typically set to one so that you can only be logged in once with the same user account. In one configuration of the module, when a user logs in with anoth...

6AI score
Exploits0References7
Drupal
Drupal
added 2018/10/17 12:0 a.m.25 views

Search Autocomplete - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-070

This Search Autocomplete module enables you to autocomplete textfield using data from your website nodes, comments, etc... The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting XSS vulnerability. This vulnerability can be exploit...

6.1CVSS5.9AI score0.00793EPSS
Exploits0References6
Drupal
Drupal
added 2018/10/10 12:0 a.m.15 views

NVP field - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-066

NVP field module allows you to create a field type of name/value pairs, with custom titles and easily editable rendering with customizable HTML/text surrounding the pairs. The module doesn't sufficiently handle sanitization of its field formatter's output. This vulnerability is mitigated by the...

6.4AI score
Exploits0References5
Drupal
Drupal
added 2018/10/03 12:0 a.m.19 views

Printer, email and PDF versions - Highly critical - Remote Code Execution - SA-CONTRIB-2018-063

This module provides printer-friendly versions of content, including send by e-mail and PDF versions. The module doesn't sufficiently sanitize the arguments passed to the wkhtmltopdf executable, allowing a remote attacker to execute arbitrary shell commands. It also doesn't sufficiently sanitize...

7.1AI score
Exploits0References7
Drupal
Drupal
added 2018/09/26 12:0 a.m.17 views

Commerce Klarna Checkout - Moderately critical - Access bypass - SA-CONTRIB-2018-062

The Commerce Klarna Checkout module enables you to accept payments from the Klarna Checkout payment provider The module doesn't sufficiently validate the payment callback made by Klarna. An attacker could bypass the payment step...

6.6AI score
Exploits0References6
Drupal
Drupal
added 2018/09/19 12:0 a.m.16 views

Renderkit - Moderately critical - Access bypass - SA-CONTRIB-2018-060

This module, typically in combination with cfr:cfrplugin, allows to compose behaviors from granular components. One of such behaviors is to display a list of related entities, for a given source entity and a given entity relation e.g. an entity reference field. The components that display related...

6.4AI score
Exploits0References5
Drupal
Drupal
added 2018/09/05 12:0 a.m.14 views

Fraction - Less critical - XSS vulnerability - SA-CONTRIB-2018-059

This module enables you to create fields for storing decimal values as two integers numerator and denominator for maximum precision. The module doesn't sufficiently filter XSS strings out of field labels. This vulnerability is mitigated by the fact that an attacker must have a role with the abili...

5.9AI score
Exploits0References7
Drupal
Drupal
added 2018/08/29 12:0 a.m.21 views

Bing Autosuggest API - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-058

This module enables you to use the Bing Autosuggest API. The module doesn't sufficiently sanitize a value used to populate an API request...

6.6AI score
Exploits0References5
Drupal
Drupal
added 2018/08/08 12:0 a.m.16 views

PHP Configuration - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-055

This module enables you to add or overwrite PHP configuration on a drupal website. The module doesn't sufficiently allow access to set these configurations, leading to arbitrary PHP configuration execution by an attacker. This vulnerability is mitigated by the fact that an attacker must have a ro...

6.8AI score
Exploits0References7
Drupal
Drupal
added 2018/07/25 12:0 a.m.9 views

Select (or other) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-054

This module enables users to select 'other' on certain form elements and a textfield appears for the user to provide a custom value. The module doesn't sufficiently escape values of a text field the under the scenario when "Select or other" formatter is used. This vulnerability is mitigated by th...

6.5AI score
Exploits0References7
Rows per page
Query Builder