2 matches found
SA-CONTRIB-2014-122 - MoIP - Cross Site Scripting (XSS)
This module enables you to use Moip a Brazilian payment method with Drupal Commerce. The module doesn't sufficiently filter the data passed by the automatic notifications, leaving the possibility for a malicious user to insert Cross Site Scripting xss attacks. This vulnerability is mitigated by t...
SA-CONTRIB-2014-058 - Webserver Auth - Access Bypass
This module allows you to delegate user authentication to the web server. The module can be configured to automatically create users that have been authenticated by the web server. There was an issue where a configuration variable did not have consistent default values in the code meaning that in...