4 matches found
Drupal Node Embed Module Remote Denial of Service Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Node Embed is one of the node modules used to integrate CKEditor's input filters into the content editor and embed them within the body of the article. A remote denial of service...
SA-CONTRIB-2015-077 - OG tabs - Cross Site Scripting (XSS)
OG Tabs modules provides a secondary menu with links to nodes of the same OG group. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission t...
SA-CONTRIB-2014-053 - Field API Tab Editor (FATE) - Access bypass
This module allows each entity field to be individually edited via its own custom page, accessible via a tab on the entity's page. The module returns an incorrect value to hookmenu if the current user does not have access to edit the entity. This allows users who would not normally have access to...
SA-CONTRIB-2012-143 PRH Search - Cross Site Scripting (XSS)
PRH Search provides an interface to search for association information for Finnish association using the PRH Patentti- ja Rekisterihallitus database. The module fails to sanitize data retrieved from an untrusted third party source, thereby exposing an arbitrary script injection vulnerability XSS...