SA-CONTRIB-2013-001 - Search API - Cross Site Scripting
This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently sanitize user input when displaying errors in a view with certain backends, including the database backend. This enables attackers to create a Reflected Cross Site...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action...
CVE-2012-5547
CVE-2012-5547 concerns the Drupal contributed Search API module (7.x-1.x) vulnerable to Cross-Site Request Forgery (CSRF) before version 7.x-1.3. The flaw allows remote attackers to hijack administrator sessions to perform actions such as enabling a server via a server action or enabling a search...
SA-CONTRIB-2012-156 - Search API - Cross Site Request Forgery (CSRF)
This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently guard the “enable index” action against Cross Site Request Forgery (CSRF) attacks which could allow an attacker to enable existing search indexes on your site. This...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors...
CVE-2012-2712
CVE-2012-2712 affects Drupal’s Search API module (7.x-1.x) up to version 7.x-1.1. The issue is a failure to sufficiently sanitize user input when throwing exceptions or logging errors, enabling remote attackers to inject arbitrary scripts via crafted URLs. Impact is cross-site scripting (XSS) in ...
SA-CONTRIB-2012-084 - Search API - Cross Site Scripting (XSS)
CVE: CVE-2012-2712. This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently sanitize user input in some cases when throwing exceptions or logging errors. This enables attackers to insert arbitrary data into a page by...
Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: Event Manager (eventmanagement), Game Article DB (gamearticledb), Simple career (mlcareer), Surprise Calendar (mlsurprisecalendar), Search Api Ajax Google (searchajaxgoogle), Download Manager (sprdownloadmanager) Release...