7 matches found
EUVD-2012-1637
Malware in sbrugna...
CVE-2012-1627
Cross-site scripting XSS vulnerability in vudterm.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms...
CVE-2012-1627
Cross-site scripting XSS vulnerability in vudterm.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms...
Cross site scripting
Cross-site scripting XSS vulnerability in vudterm.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms...
CVE-2012-1627
Vulnerability: CVE-2012-1627 affects the Drupal Vote Up/Down module (vud_term) 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1. Description: the vud_term sub-module does not sufficiently sanitize taxonomy terms, allowing remote authenticated users to inject arbitrary script/HTML. Impact: XSS vi...
SA-CONTRIB-2012-005 - Vote up/down - Cross Site Scripting
CVE: CVE-2012-1627 This module enables you to add voting widgets to nodes, terms and comments. The vudterm sub-module doesn't sufficiently sanitize taxonomy terms before display. In order to execute arbitrary script injection malicious users must have the ability to create or edit taxonomy terms...
SA-CONTRIB-2009-017 - Vote Up/Down - Cross-site request forgery
The Vote Up/Down module provides a voting widget for content that records votes using Ajax. The URL for voting is vulnerable to cross-site request forgeries CSRF making it possible for users to unknowingly vote for content. Versions affected Vote Up/Down 5.x-1.x prior to 5.x-1.1 Vote Up/Down...