15 matches found
EUVD-2015-3399
Malware in sbrugna...
EUVD-2012-2075
Malware in sbrugna...
EUVD-2015-3402
Malware in sbrugna...
PT-2022-4536 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop versions 1.6.0.10 through 1.7.x before 1.7.8.2 Description: The issue is related to a lack of protection against SQL injection attacks, allowing remote attackers to execute arbitrary code. This vulnerability has been exploited in t...
Cross site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors...
CVE-2015-3354
The CVE-2015-3354 entry concerns the Drupal Wishlist module (versions 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7). The vulnerability is a CSRF flaw that allows remote attackers to hijack the authentication of arbitrary users to perform actions deleting wishlist purchase intentions via unsp...
CVE-2015-3357
The CVE targets Drupal’s Wishlist module (versions 6.x-2.7 and 7.x-2.x before 7.x-2.7). Root cause: user-supplied content in log messages is not properly sanitized, allowing remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified ve...
Drupal Wishlist Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP. A cross-site scripting vulnerability exists in the Drupal Wishlist module, which could be exploited by an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected sit...
Drupal Wishlist Module Cross-Site Request Forgery Vulnerability
Drupal is a free and open source content management system developed in PHP. Cross-site request forgery vulnerabilities exist in the Drupal Wishlist module, which can be exploited by an attacker to perform certain unauthorized actions and gain access to affected applications...
SA-CONTRIB-2015-014 - Wishlist - Multiple vulnerabilities
The Wishlist module enables authorized users to create wishlist nodes which describe items they would like for a special occasion. Also, it allows users to indicate their intention to purchase items for other users. The module fails to sanitize user input in log messages, leading to a Cross Site...
Cross site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wlreveal or (2) q parameter...
CVE-2012-2069
Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wlreveal or (2) q parameter...
CVE-2012-2069
CVE-2012-2069 is a CSRF/XSS vulnerability in the Drupal Wishlist module. Affected: Wishlist 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6. Cause: insufficient filtering of user-supplied text from the URL enabling remote attackers to hijack user authentication to trigger cross-site scripting v...
Drupal Wishlist Module 6.x / 7.x XSS / CSRF
No description provided by source. Advisory ID: DRUPAL-SA-CONTRIB-2012-042 Project: Wishlist Module 1 third-party module Version: 6.x, 7.x Date: 2012-March-21 Security risk: Moderately critical 2 Exploitable from: Remote Vulnerability: Cross Site Scripting, Cross Site Request Forgery --------...
SA-CONTRIB-2012-042 - Wishlist Cross Site Scripting (XSS)
CVE: CVE-2012-2069 The Wishlist Module allows users to maintain shared wishlists for special events and holidays. Impact: The module doesn't sufficiently filter user supplied text from the URL. This can be used to perform a reflected cross site scripting (XSS) attack. User account credentials could...