2 matches found
SA-CONTRIB-2012-065 - Sitedoc - Information disclosure
CVE: CVE-2012-2302 This module enables you to display a plethora of information about your site's structure. Optionally, the information may be saved into a file for later comparison. The module doesn't sufficiently verify that the saved file is protected by the Private File System. This...
SA-CONTRIB-2010-023 - Workflow - Cross Site Scripting
When used in combination with the Token module, the Workflow module does not escape the text entered into the Comment field of the workflow fieldset on the node form. This allows a user with the permission to change the workflow state of a node to perform a Cross Site Scripting XSS attack if a...