5 matches found
EUVD-2009-3885
Malware in sbrugna...
Cross site scripting
Cross-site scripting XSS vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation...
CVE-2009-3914
Cross-site scripting XSS vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation...
CVE-2009-3914
The CVE-2009-3914 entry concerns Drupal’s Temporary Invitation module (5.x) with versions before 5.x-2.3. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary script/HTML via the Name field in an invitation. Impact is partial integrity of affecte...
SA-CONTRIB-2009-093 - Temporary Invitation - Cross Site Scripting
The Temporary Invitation module enables site users to invite guests for a limited timespan. For each invitation, a new user is created, together with a login code e.g. "EbN2F3" that the user can use to log in. The module fails to sanitize a value in Name field which is included in the invitation,...