EUVD-2012-2295

Malware in sbrugna...

CVE-2012-2302

Site Documentation Sitedoc module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVE-2015-4370

Cross-site scripting XSS vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms...

Cross site scripting

Cross-site scripting XSS vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms...

CVE-2015-4370

CVE-2015-4370 is a XSS in the Drupal Site Documentation module (6.x-1.x) prior to 6.x-1.5. Root cause: insufficient sanitization of user-supplied text on certain pages, exploitable by remote authenticated users with permission to create/edit taxonomy terms. Impact: arbitrary script/HTML injection...

CVE-2015-4370

Cross-site scripting XSS vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms...

Multiple Cross-Site Scripting Vulnerabilities in Drupal Site Documentation Module

Drupal is a developmental CMF Content Management Framework written in the PHP language. Multiple cross-site scripting vulnerabilities exist in the Drupal Site Documentation module. Because the application fails to properly filter user-supplied input, an attacker could exploit the vulnerabilities ...

SA-CONTRIB-2015-074 - Site Documentation - Cross Site Scripting (XSS)

Site Documentation module enables you to display detailed configuration information. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a user with...

CVE-2012-2302

Site Documentation Sitedoc module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVE-2008-2271

The Site Documentation Drupal module vulnerability CVE-2008-2271 affects Drupal sites using the Site Documentation module 5.x (before 5.x-1.8) and 6.x (before 6.x-1.1). Remote authenticated users can abuse the module’s access content permission to enumerate database tables and obtain session IDs,...

Site Documentation Module for Drupal Database Tables Access Content Permission Information Disclosure

The version of the Site Documentation third-party module for Drupal installed on the remote host allows any user with 'access content' permission to retrieve the contents of arbitrary tables in the application's database. An attacker can exploit this issue to retrieve sensitive information, such ...

SA-2008-030 - Site Documentation - Privilege escalation

The contributed module Site Documentation intends to assist developers and administrators when they start working with a new site by showing them information from the database. All users with the "access content" permission are able to use the module to list arbitrary tables from the database. In...