18 matches found
EUVD-2013-4098
Malware in sbrugna...
EUVD-2013-5155
Malware in sbrugna...
EUVD-2015-7234
Malware in sbrugna...
CVE-2015-7305
The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."...
Drupal Scald Module Information Disclosure Vulnerability
Drupal is a free and open source content management system developed in PHP.Scald module for Drupal is a multimedia management module for Drupal. An information disclosure vulnerability exists in the Drupal Scald module version 7.x-1.5 and prior to version 7.x-1.x, which allows a remote attacker ...
CVE-2015-7305
The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."...
Information disclosure
The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."...
CVE-2015-7305
The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."...
CVE-2015-7305
The vulnerability CVE-2015-7305 affects the Drupal Scald module (Scald 7.x-1.x) prior to 7.x-1.5, where a misconfiguration allows remote attackers to obtain sensitive atom property information via a debug context, bypassing field restrictions. Affected software is the Scald: Media Management made...
Scald - Moderately Critical - Information Disclosure - SA-CONTRIB-2015-151
This module enables you to easily manage your media assets and re-use them in all your content. The module provided a "debug" context that gave access to all the atom properties, including all the fields attached to this atom, without applying the corresponding field restrictions. This...
CVE-2013-5315
Cross-site scripting XSS vulnerability in the Resource Manager in the MEE submodule mee.module in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than...
CVE-2013-4174
Multiple cross-site scripting XSS vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the 1 flashuri, 2 flashwidth, or 3 flashheight in the scaldflashscaldprerender function in...
Cross site scripting
Cross-site scripting XSS vulnerability in the Resource Manager in the MEE submodule mee.module in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the 1 flashuri, 2 flashwidth, or 3 flashheight in the scaldflashscaldprerender function in...
CVE-2013-4174
Multiple cross-site scripting XSS vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the 1 flashuri, 2 flashwidth, or 3 flashheight in the scaldflashscaldprerender function in...
CVE-2013-5315
CVE-2013-5315 is an XSS flaw in Drupal’s Scald module (MEE submodule). Affected: Scald 6.x-1.x before 6.x-1.0-beta3 and Scald 7.x-1.x before 7.x-1.1. Vulnerability: unsanitized atom title in Resource Manager (mee.module) allows remote injection of script/HTML. Impact is low to partial in integrit...
CVE-2013-5315
Cross-site scripting XSS vulnerability in the Resource Manager in the MEE submodule mee.module in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than...
SA-CONTRIB-2013-060 - Scald - Cross Site Scripting (XSS)
This module enables you to handle media assets atoms in Drupal with a Views-based library, drag and drop interface and manage content attribution/licensing/distribution. The module doesn't sufficiently filter atom properties such as the atom title when outputting atoms, thereby exposing a Cross...