3 matches found
XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1)
XSS Vulnerability in Drupal's Node Blocks contributed module 6.x-1.3 and 5.x-1.1 Discovered by Martin Barbella [email protected] Description of Vulnerability: ----------------------------- Drupal is a free software package that allows an individual or a community of users to easily publish,...
SA-2008-070 - Comment Mail - Cross site request forgery
The Comment Mail module allows an email to be sent to the site administrators when new comments are posted. Links in the email allow for quick approval, editing, deletion of the comment and/or banning of the poster's IP address. Unfortunately some links are vulnerable to cross site request...
SA-2008-032 - Magic Tabs - Arbitrary code execution
Magic Tabs provides an implementation of tabs filled via AJAX requests. Malicious users are able to run arbitrary PHP code via URL arguments to Magic Tabs as it does not provide a whitelist of callbacks. Versions affected Magic Tabs for Drupal 5.x prior to Magic Tabs 5.x-1.1 Drupal core is not...