Lucene search
K

4 matches found

Drupal
Drupal
added 2014/02/12 12:0 a.m.10 views

SA-CONTRIB-2014-014 - Webform Validation - Cross Site Scripting (XSS)

The Webform Validation module enables you to add additional form validation rules to Webforms created by the Webform module. The module doesn't sufficiently filter component name text before display, opening up the possibility of cross site scripting. This vulnerability is mitigated by the fact...

6.4AI score
Exploits0References11
Drupal
Drupal
added 2012/06/06 12:0 a.m.29 views

SA-CONTRIB-2012-094 - Maestro module - Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)

The Maestro module is a workflow engine/solution that facilitates simple and complex business process automation. The module doesn't sufficiently filter user-supplied data in its admin screens leading to a Cross Site Scripting XSS vulnerability. A Cross Site Request Forgery vulnerability in the...

5.1CVSS5.8AI score0.02117EPSS
Exploits2References12
Drupal
Drupal
added 2012/03/28 12:0 a.m.18 views

SA-CONTRIB-2012-048 - Contact Save - Cross Site Scripting

CVE: CVE-2012-2075 This module stores in the database all messages submitted through the core contact forms, and provides a way to respond to these messages through the website. The module doesn't sufficiently filter user supplied text, leading to a cross-site scripting XSS vulnerability. This...

2.1CVSS5.6AI score0.01659EPSS
Exploits1References9
Drupal
Drupal
added 2009/07/29 12:0 a.m.13 views

SA-CONTRIB-2009-046 - Date - Cross Site Scripting

The Date module provides a date CCK field that can be added to any content type. The Date Tools module that is bundled with Date module does not properly escape user input when displaying labels for fields on a content type. A malicious user with the 'use date tools' permission of the Date Tools...

6AI score
Exploits0References6
Rows per page
Query Builder