EUVD-2013-0259

Malware in sbrugna...

CVE-2013-0225

Cross-site scripting XSS vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name...

GHSA-F6FM-R26Q-P747 Improper Removal of Sensitive Information Before Storage or Transfer in Strapi

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...

CVE-2013-0225

Cross-site scripting XSS vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name...

Cross site scripting

Cross-site scripting XSS vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name...

CVE-2013-0225

The CVE-2013-0225 entry concerns the Drupal User Relationships contributed module, not Drupal core. Affected versions are 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5. The root cause is insufficient escaping of the relationship name, allowing remote authenticated users with the "admin...

CVE-2013-0225

Cross-site scripting XSS vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name...

SA-CONTRIB-2013-007 User Relationships - Cross Site Scripting (XSS)

The User Relationships module allows you to create multiple relationship types and maintain relationships between users in your Drupal site. The module does not sufficiently escape relationship names before display. This allows users with the correct permissions to create relationship names...