2 matches found
Petition - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-081
The Petition module enables you to create petitions which users may sign. The module doesn't sufficiently sanitize user supplied text in some administration pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role...
SA-CONTRIB-2014-100 - Bad Behavior - Information Disclosure
This module enables you to to target any malicious software directed at a Web site, whether it be a spambot, ill-designed search engine bot, or system crackers. It blocks such access and then logs their attempts. Information Disclosure The module doesn't sufficiently sanitize log data, allowing...