EUVD-2008-4135

Malware in sbrugna...

EUVD-2008-4136

Malware in sbrugna...

Cross site scripting

Cross-site scripting XSS vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title...

Information disclosure

The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform access checks for a node before displaying comments, which allows remote attackers to obtain sensitive information...

CVE-2008-4153

The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform access checks for a node before displaying comments, which allows remote attackers to obtain sensitive information...

CVE-2008-4152

CVE-2008-4152 is a cross-site scripting issue in Drupal’s Talk module (5.x before 5.x-1.3 and 6.x before 6.x-1.5). It enables remote authenticated users to inject arbitrary web script/HTML via a node title. Affected versions are prior to the specified fixes; remediation is to upgrade to 5.x-1.3 a...

SA-2008-049 - Talk - Multiple vulnerabilities

The Talk module for Drupal 5.x and 6.x creates a "Talk" tab for nodes in which the comments belonging to the node are displayed. Two vulnerabilities and weaknesses were discovered in the contributed Talk module. Cross site scripting The node title is treated as if it was safe text, and is not...