SA-CONTRIB-2012-045 - AddToAny - Cross Site Scripting
CVE: CVE-2012-2072 This module enables you to add Lockerz/AddToAny's universal sharing buttons to your site. Previously, the module did not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fac...
SA-CONTRIB-2012-002 - Lingotek - Cross Site Scripting
CVE: CVE-2012-1624 This module enables you to translate a website's content using tools provided by the Lingotek Collaborative Translation Network. The module doesn't sufficiently sanitize user input when creating or editing page content. This allows a malicious content editor to potentially inpu...
SA-CONTRIB-2011-053 - Quiz - Cross Site Scripting
The Quiz module allows the creation and taking of tests that are scored either automatically or manually by a teacher. The module contains several cross site scripting (XSS) vulnerabilities that can be exploited when quizzes are being created. These vulnerabilities are mitigated by the fact that an...
SA-CONTRIB-2011-044 - Homebox for Organic Groups Cross Site Scripting
Homebox allows site administrators to create dashboards for their users, using blocks as widgets. Blocks in a Homebox page are resizeable, and reorderable by dragging. Homebox OG is a submodule of Homebox which allows Organics Groups administrators to specify a Homebox to be used as the group...
SA-CONTRIB-2011-029 - Taxonomy Filter - Cross Site Scripting
The Taxonomy Filter module enables users to filter taxonomy listings to find content tagged by multiple terms. Older versions of the module were susceptible to a Cross Site Scripting XSS attack by way of vocabulary names. The vulnerability was mitigated by the fact that an attacker must have a ro...
SA-CONTRIB-2011-024 - Spam - Cross Site Request Forgery (CSRF)
The Spam module provides numerous tools to auto-detect and deal with spam content that is posted to your site, without having to rely on third-party services. The Spam module provides a trainable Bayesian filter, automatic learning of spammer URLs, flagging of content with an excessive number of...
SA-CONTRIB-2011-013 - Tagadelic - Cross Site Scripting (XSS)
Tagadelic module offers various ways to display terms and vocabularies in a tag cloud on a page or in a block. The module does not sanitize the taxonomy vocabulary names and descriptions when displayed on listing pages or blocks, leading to a Cross-Site Scripting XSS vulnerability that may lead t...
SA-CONTRIB-2011-008 - Chatroom - Cross Site Scripting (XSS) and Cross Site Request Forgery
The Chatroom module provides real-time chat capabilities to Drupal. Vulnerability: Cross Site Scripting. The module does not properly escape the contents of chat messages in pages listing the chats contained in a chatroom, leading to a Cross Site Scripting (XSS) vulnerability. Any user with permissi...
SA-CONTRIB-2011-005 - AES encryption - Information disclosure
Due to a piece of code used for debugging mistakenly left in the release, the plain text password of the user who last logged in is written to a text file in the Drupal root directory. This file is remotely accessible, thus an attacker with the knowledge of which user last logged in may access th...
SA-CONTRIB-2011-003 - Janrain Engage (RPX) - Multiple Vulnerabilities
RPX (recently renamed Janrain Engage) is a service that acts as a middleman between a site and external login providers like Facebook, Yahoo, WindowsLive, etc. As part of this functionality it offers the ability to take a user's avatar on these services and download it for use as the user's profile...
SA-CONTRIB-2011-002 - Panels - Cross Site Scripting (XSS)
The Panels module allows a site administrator to create customized layouts for multiple uses. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability that may lead to a malicious user gaining full administrative access...
SA-CONTRIB-2010-112 - oEmbed - Access Bypass
The oEmbed module allows a Drupal site to embed content from oEmbed-providers as well as for a site to become an oEmbed-provider itself so that other oEmbed-enabled websites can embed its content. If an external site requested to embed a node, the oEmbed provider did not check node access,...
SA-CONTRIB-2010-097 - Imagemenu - Multiple vulnerabilities
The Imagemenu module allows users to create and maintain image based menus. The Drupal 5 branch of this module contains a Cross Site Request Forgery CSRF vulnerability which could allow a malicious user to trick an administrator into unintentionally enabling or disabling menu items provided by th...
SA-CONTRIB-2010-084 - OpenID - Authentication bypass
The OpenID module provides users the ability to log in to sites using an OpenID account. The OpenID module doesn't implement all the required verifications from the OpenID 2.0 protocol and is vulnerable to a number of attacks. Specifically: - OpenID should verify that an "openid.response_nonce" has...
SA-CONTRIB-2010-082 - Print - Local file read access
The Printer, e-mail and PDF versions ("print") module provides printer-friendly versions of content, including a PDF version that is generated by one of three supported generation tools: dompdf, TCPDF and wkhtmltopdf. When using the wkhtmltopdf PDF generation tool, that tool is able to access local...
SA-CONTRIB-2010-080 - Privatemsg - Cross Site Scripting
The Privatemsg module allows users to send private messages to each other. The module does not properly escape user-supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability. Any user with permission to write private messages is vulnerable to attack. Versions affected...
SA-CONTRIB-2010-043: Wordfilter - Cross Site Scripting
The Wordfilter module implements an input filter that rewrites content to remove improper or foul language. Wordfilter does not sanitize the list of words that are filtered along with their replacements, allowing users with permissions to manage the list of banned words to insert arbitrary HTML a...
SA-CONTRIB-2010-044: Bibliography - Cross Site Scripting
The Bibliography module enables users to manage and display lists of scholarly publications. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability. This is mitigated by the fact that only users with the 'administer...
SA-CONTRIB-2010-036 - Views - multiple vulnerabilities
The Views module provides a flexible method for Drupal site designers to control how lists of content are presented. Views accepts parameters in the URL and uses them in an AJAX callback. The values were not filtered, thus allowing injection of JavaScript code via the AJAX response. A user tricke...
SA-CONTRIB-2010-027: Email Input Filter - Arbitrary code execution
Email Input Filter converts email style markup into web friendly format. Arbitrary code execution vulnerability in this module allows a remote attacker with the ability to create content using an input format with the email input filter enabled to execute arbitrary PHP code on an affected system...
SA-CONTRIB-2010-022 - Internationalization - Arbitrary code execution
The Internationalization module enables translation of user defined strings using Drupal's locale interface. Some of these user defined strings have Input formats associated with them. As translators can translate texts before they go through the Input filters, using some filters like the PHP...
SA-CONTRIB-2009-110 - Taxonomy Timer - SQL Injection
The Taxonomy Timer module enables users to set expiration dates for Taxonomy Terms. At the time of expiration other terms can be assigned, or nodes can be unpublished. In some cases the module does not properly sanitize user input, leading to a SQL Injection vulnerability. Such an attack may lead...
SA-CONTRIB-2009-106 - Agreement - Cross Site Scripting
The Agreement module enables the display of a text-based agreement (think "Terms of Service") that users of a particular role must accept before they are given access to the site. The module does not sanitize some of the user-supplied fields, leading to a Cross Site Scripting (XSS) vulnerability...
DRUPAL-SA-CONTRIB-2009-073 - Printer, e-mail and PDF versions multiple vulnerabilities
The Printer, e-mail and PDF versions "print" module provides printer-friendly versions of content. When displaying the list of links in a page, the module does not properly escape this data, leading to a cross site scripting XSS vulnerability. In addition, the "Send by e-mail" sub-module does not...
SA-CONTRIB-2009-051 - ImageCache - Multiple vulnerabilities
ImageCache allows one to set up presets for image processing to create derivatives. ImageCache will dynamically generate a derivative on access if it doesn't exist. Cross site scripting: Users with the "administer imagecache" permission are able to execute cross site scripting attacks because the...
SA-CONTRIB-2009-047 - Calendar - Cross Site Scripting
The Calendar module enables Views module to display any Date module date field as a calendar. The module does not properly escape user input when displaying titles of content types that have Date fields. A user with permission to create new content types including via the Date module's Date Tools...
SA-CONTRIB-2009-039 - Links Package - Cross Site Scripting
The Links Package is a multi-module set for managing URL links in a master directory, and attaching them in various ways to your content pages. The Links Related module of the Links Package does not properly escape user input used as the title on certain pages. A user with privileges to create...
SA-CONTRIB-2009-034 - Taxonomy manager - Cross site scripting
The Taxonomy manager module provides additional tools for administering taxonomy through Drupal. A vocabulary gets displayed in a dynamic tree view, where parent terms can be expanded to list their nested child terms or can be collapsed. The module does not properly escape some user-supplied data...
SA-CONTRIB-2009-032 - Webform - Cross-site scripting
The Webform module provides a node type which is typically used to enable site visitors to fill in questionnaires, contact or request/registration forms, surveys, polls, or other forms on a Drupal site. When displaying the results of Webform submissions, the module does not properly filter user...
SA-CONTRIB-2009-025 - Fivestar - Cross-site request forgery
The Fivestar module provides a voting widget for content and records votes using Ajax. The URL used by the javascript to register votes is vulnerable to cross-site request forgeries CSRF making it possible for users to unknowingly vote for content. Versions affected Fivestar 5.x-1.x prior to...
SA-CONTRIB-2009-020 - Print - Cross site scripting
The Printer, e-mail and PDF versions "Print" module provides printer-friendly versions of content. The module does not correctly escape content titles, enabling malicious users to insert arbitrary HTML and scripts into certain pages. Such a cross site scripting XSS attack against sufficiently...
SA-CONTRIB-2009-016 - Wikitools - Cross site scripting
The Wikitools module provides several options to get a more wiki-like behavior for Drupal. On several pages, the Wikitools module prints out a parameter without escaping it. Malicious users are thus able to execute a cross site scripting XSS attack when they entice users to visit a specifically...
SA-2008-072 - Storm Project - SQL injection
Storm (SpeedTech Organization and Resource Manager) is a project management application for Drupal. Unfortunately the Storm module allows users with access to the storm projects to enter input values which are then used directly in SQL queries without being sanitized, enabling SQL injection attacks...
SA-2008-065 - Node Clone - Access bypass
The third-party Node Clone module enables users to make a copy of an existing item of content a node, and then edit that copy. The module contains a flaw that allows a user with the 'clone node' permission to potentially bypass normal viewing access restrictions, for example allowing the user to...
SA-2008-064 - Node Vote - SQL injection vulnerability
The Node Vote module allows authorized users to vote on certain types of nodes. If the administrator has enabled the "Allow user to vote again" setting for the Node Vote module, a malicious user can inject SQL when changing a previously cast vote. This is because Node Vote does not properly use the...
SA-2008-058 - Brilliant Gallery - SQL Injection
The module does not properly use Drupal's database API and inserts values supplied by users directly into queries. This can be exploited by malicious users with the "access brilliantgallery" permission to perform SQL Injection attacks. These attacks may lead to the malicious user gaining...
SA-2008-040 - Organic Groups - Cross site scripting and information disclosure
Organic groups enables users to create and manage their own 'groups'. Each group can be subscribed to, and includes a group home page where subscribers can communicate amongst themselves. Two vulnerabilities were found in the module. Cross site scripting: The module displays certain values without...
SA-2008-033 - Taxonomy Image - Cross site scripting
The contributed module Taxonomy Image allows the display of images associated with taxonomy terms. Several values are displayed without being escaped, which enables users to inject arbitrary HTML and script code on pages (Cross Site Scripting). This may lead to administrator access. Versions affect...
Forward - Access bypass
The Forward module is a module that allows site administrators to add links to postings that let users email the current page to a third party. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such a...
Secure site - Access bypass
Secure site allows one to protect a website with a browser-based password. These usernames and passwords are tied directly to the Drupal user database. The site will be invisible to search engines and other crawlers, but still allows access to certain users. A serious design flaw allows the acces...
getID3 library and Audio, Mediafield - arbitrary code execution
The getID3 library used by Audio and Mediafield contains a directory with scripts demonstrating use of the library. These scripts allow any visitor to browse the filesystem, read and delete files or write to zero-byte files or files with an mp3 extension. These actions are only limited by the...
IMCE file handling vulnerabilities
IMCE has two vulnerabilities with regards to file handling. 1. By passing relative paths to IMCE's delete function, a malicious user with the "delete files" permission can delete files anywhere in the directory tree depending on the access permissions of the webserver. 2. IMCE allows the upload...
DRUPAL-SA-2006-011 XSS Vulnerability in user module
A malicious user can execute a cross site scripting attack by enticing someone to visit a Drupal site via a specially crafted link. Versions affected: Drupal 4.6.x versions before Drupal 4.6.9; Drupal 4.7.x versions before Drupal 4.7.3. Solution: If you are running Drupal 4.6.x then upgrade to Drupal...
DRUPAL-SA-2005-007 XSS vulnerability in submitted content
Ahmed Saad has brought to our attention a creative way to enter malicious HTML content. Upon further investigation we found that interpretation of broken HTML/SGML and various quirks in interpretation of correctly formed, but non-sensical attribute values by various browsers also allows entering...
DRUPAL-SA-2005-009 Bypass "view user profiles" permission
Andrew Widdowson informed us that it's possible to bypass the 'access user profile' permission if the server is running PHP5. No data can be changed though. Versions affected: Drupal 4.6.0, 4.6.1, 4.6.2, 4.6.3. Solution: If you are running Drupal 4.6.x and PHP5, then upgrade to Drupal 4.6.4...
Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037
This module enables you to export entity date fields as iCal feeds. The module doesn't sufficiently check entity or field access or sanitize user inputs when generating iCal feeds. This vulnerability is not mitigated by any permission, the routes are accessible to all anonymous users with no...
Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029
This module creates permissions per node content type to control access to unpublished nodes per content type. The module does not consistently control access for unpublished translated nodes...
Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023
This module extends the Drupal form API adding "Calculation element" form element types, which can evaluate a maths expression. It offers webform integration. The module doesn't sufficiently validate user input; this could be exploited to achieve Information Disclosure or Cross-site Scripting XSS...
Disable Login Page - Critical - Access bypass - SA-CONTRIB-2025-124
This module enables you to disable the standard Drupal login form /user/login so site owners can prevent interactive logins via the UI. The module does not sufficiently block authentication when the REST/HTTP login route is used. An attacker or legitimate user with valid credentials can...
Real-time SEO for Drupal - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-091
This module enables you to analyze the content that you're authoring for a website. It shows you a preview of what a search result might look like. The module doesn't sufficiently escape the metadata from content while rendering the preview, opening up the possibility of an XSS attack. This...