Lucene search

210 matches found

Drupal, added 2013/01/09 12:0 a.m., 21 views

SA-CONTRIB-2013-001 - Search API - Cross Site Scripting

This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently sanitize user input when displaying errors in a view with certain backends, including the database backend. This enables attackers to create a Reflected Cross Site...

CVSS: 2.6, AI score: 5.5, EPSS: 0.0135
Exploits: 0, References: 11
Prion, added 2012/12/03 9:55 p.m., 15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action...

CVSS: 6.8, AI score: 7.7, EPSS: 0.00636
Exploits: 0, References: 3, Affected Software: 1
Cvelist, added 2012/12/03 9:0 p.m., 19 views

CVE-2012-5547

Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action...

AI score: 7.2, EPSS: 0.00636
Exploits: 0, References: 3
CVE, added 2012/12/03 9:0 p.m., 48 views

CVE-2012-5547

CVE-2012-5547 concerns the Drupal contributed Search API module (7.x-1.x) vulnerable to Cross-Site Request Forgery (CSRF) before version 7.x-1.3. The flaw allows remote attackers to hijack administrator sessions to perform actions such as enabling a server via a server action or enabling a search...

CVSS: 6.8, AI score: 7.4, EPSS: 0.00636
Exploits: 0, References: 3, Affected Software: 1
Drupal, added 2012/10/17 12:0 a.m., 17 views

SA-CONTRIB-2012-156 - Search API - Cross Site Request Forgery (CSRF)

This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently guard the “enable index” action against Cross Site Request Forgery (CSRF) attacks, which could allow an attacker to enable existing search indexes on your site. This...

CVSS: 6.8, AI score: 6.5, EPSS: 0.00636
Exploits: 0, References: 8
Prion, added 2012/06/27 12:55 a.m., 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors...

CVSS: 2.6, AI score: 6.1, EPSS: 0.02155
Exploits: 1, References: 8, Affected Software: 1
Cvelist, added 2012/06/27 12:0 a.m., 22 views

CVE-2012-2712

Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors...

AI score: 5.8, EPSS: 0.02155
Exploits: 1, References: 8
CVE, added 2012/06/27 12:0 a.m., 43 views

CVE-2012-2712

CVE-2012-2712 affects Drupal’s Search API module (7.x-1.x) up to version 7.x-1.1. The issue is a failure to sufficiently sanitize user input when throwing exceptions or logging errors, enabling remote attackers to inject arbitrary scripts via crafted URLs. Impact is cross-site scripting (XSS) in ...

CVSS: 2.6, AI score: 5.8, EPSS: 0.02155
Exploits: 1, References: 8, Affected Software: 1
Drupal, added 2012/05/23 12:0 a.m., 17 views

SA-CONTRIB-2012-084 - Search API - Cross Site Scripting (XSS)

CVE: CVE-2012-2712. This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently sanitize user input in some cases when throwing exceptions or logging errors. This enables attackers to insert arbitrary data into a page by...

CVSS: 2.6, AI score: 6.3, EPSS: 0.02155
Exploits: 1, References: 11
Typo3, added 2010/02/01 12:0 a.m., 16 views

Multiple vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: Event Manager (eventmanagement), Game Article DB (gamearticledb), Simple career (mlcareer), Surprise Calendar (mlsurprisecalendar), Search Api Ajax Google (searchajaxgoogle), Download Manager (sprdownloadmanager) Release...

AI score: 7.4
Exploits: 0, Affected Software: 6