2 matches found
SA-CONTRIB-2012-169 - Email Field - Cross Site Scripting and Access bypass
The email module provides a field type CCK / FieldAPI for storing email addresses and a formatter to output the email address as a link to a contact form. The contact form formatter allows a site visitor to email the stored address without letting them see what that e-mail address is. Access bypa...
XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1)
XSS Vulnerability in Drupal's Node Blocks contributed module 6.x-1.3 and 5.x-1.1 Discovered by Martin Barbella [email protected] Description of Vulnerability: ----------------------------- Drupal is a free software package that allows an individual or a community of users to easily publish,...