SA-CONTRIB-2011-011 - Secure Pages - Open redirect
The Secure Pages module allows administrators to choose certain URLs that must be delivered over HTTPS. An open redirection bug allows an attacker to formulate a URL in a way that redirects the user to an arbitrarily provided URL. Versions affected Secure Pages module for Drupal 6.x versions prio...
SA-CONTRIB-2010-100 - Ubuntu Drupal Theme - Directory traversal and information disclosure
This Ubuntu Drupal Theme - Brown is designed to mimic the old ubuntu.com. The theme used a PHP file to generate a gradient image on the fly. User input from the URL is not properly validated in this PHP code, leading to a directory traversal vulnerability where the contents of any file readable b...
SA-CONTRIB-2010-096 - Domain access - Multiple Vulnerabilities
The Domain Access module suite allows users to maintain content shared across multiple domains running from a single Drupal installation. In several instances, the module does not sanitize the user-supplied domain name before displaying it, leading to a Cross-Site Scripting XSS vulnerability that...
SA-CONTRIB-2010-088 - Content Construction Kit (CCK) - Access Bypass
The Content Construction Kit CCK project is a set of modules that allows you to add custom fields to nodes using a web browser. The CCK "Node Reference" module provides a backend URL that is used for asynchronous requests by the "autocomplete" widget to locate nodes the user can reference. In som...
SA-CONTRIB-2010-081 - FileField Sources - Arbitrary Code Execution
The FileField Sources module expands on the abilities of FileField, allowing users to select new or existing files through additional means, including: Reuse of existing files through an autocomplete textfield or IMCE, or transferring files directly from remote servers. The module does not sanitiz...
SA-CONTRIB-2010-062 - Ogone | Ubercart payment - Access Bypass
Ogone | Ubercart payment is a payment module for Ubercart that integrates Ogone PSP gateway as a checkout method for Ubercart. The module does not always correctly verify the order status returned by the Ogone gateway, potentially allowing unpaid orders to be processed. Versions affected Ogone |...
SA-CONTRIB-2010-061 - AddonChat - Multiple Vulnerabilities
The AddonChat module provides Drupal integration with the AddonChat Java chat room. Due to unsafe handling of the global $user object, failed authentication at the custom addonchatauth.php script will log in an attacker as the chosen user. Additionally, several configuration variables are not...
SA-CONTRIB-2010-051 - Heartbeat - Cross Site Scripting
The Heartbeat project contains a suite of modules to display user activity on a website. These modules do not properly sanitize some of their output, allowing certain users the ability to insert arbitrary HTML and script code. Such a cross site scripting XSS attack may lead to a malicious user...
SA-CONTRIB-2010-058: Chaos tool suite - Multiple vulnerabilities
The Chaos tool suite ctools is primarily a set of APIs and tools to improve the developer experience. This module was found to have multiple vulnerabilities. Cross site scripting XSS The module did not properly sanitize node titles under certain circumstances, resulting in multiple cross-site...
SA-CONTRIB-2010-041: ImageField - Access Bypass
ImageField provides a file upload field for CCK, allowing files to be attached to a node. ImageField intends to set a default extension of "png jpg gif" for all new fields, but may actually save an empty string allowing all of the "png jpg gif" extensions if an administrator does not save the fie...
SA-CONTRIB-2010-037 - Decisions - Access bypass
Decisions is a replacement for poll.module and provides advanced voting systems and decision-making tools. It aims to enable groups to take decisions online in a manner that replicates and augments what is possible in face-to-face meeting. In some listings, the Decisions module does not construct...
SA-CONTRIB-2010-028 - Tag Order - Cross Site Scripting
Tag Order module allows you to select vocabularies whose terms you would like to preserve in the original order entered per node. Taxonomy vocabulary names are not sanitized when being displayed on an administrative page, leading to a cross-site scripting XSS vulnerability. Such an attack may lea...
SA-CONTRIB-2010-017 - iTweak Upload - Cross Site Scripting
iTweak Upload does not escape file names when displaying uploaded files. This allows a malicious user with the permission to create content and upload files to perform a Cross Site Scripting XSS attack. Versions affected iTweak Upload 6.x-2.x prior to 6.x-2.3 iTweak Upload 6.x-1.x prior to 6.x-1....
SA-CONTRIB-2010-015 - Signwriter - Arbitrary code execution
The Signwriter module allows the use of TrueType fonts to replace text in headings, blocks, menus and filtered text. This vulnerability allows a remote attacker with the ability to create content using an input filter created with a Signwriter profile to execute arbitrary PHP code on an affected...
SA-CONTRIB-2010-011 - Feedback - Cross Site Scripting
Feedback module enables users and visitors of a Drupal site to quickly send feedback messages about the currently displayed page. When displaying reports about submitted feedback, the module does not properly sanitize the user agent strings from the Browscap module before display, leading to a...
SA-CONTRIB-2010-006 - Bibliography Module - Cross Site Scripting
The Bibliography module enables users to manage and display lists of scholarly publications. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability. Only users with the 'administer biblio' permission are able to exploi...
SA-CONTRIB-2009-105 - Subgroups for Organic Groups - Cross Site Scripting
The Subgroups For Organic Groups module enables users to set group hierarchy. The module does not filter the titles of some nodes before output, leading to a cross-site scripting XSS vulnerability. Versions affected Subgroups For Organic Groups versions for Drupal 5.x prior to 5.x-4.0 Drupal core...
SA-CONTRIB-2009-098 - Zoomify - Cross Site Scripting
The Zoomify module integrates the Zoomify Flash applet into Drupal which can be used to pan and zoom on large images. Images are first preprocessed in order for Zoomify to work. The module fails to sanitize a value in the node title, leading to a Cross Site Scripting XSS vulnerability. Versions...
SA-CONTRIB-2009-096 - Link - Cross Site Scripting
The Link module provides a CCK field which enables links to be added to content types, that can include a URL, title, and target attribute. When using the "Separate title and URL" formatter supplied by the module, the link title field is not sanitized before being displayed, leading to a Cross Si...
SA-CONTRIB-2009-085 - Insert Node - Cross Site Scripting
The Insert Node module provides an input filter that enables a node to be inserted within the body field of another node. The module fails to sanitize the inserted node, making it vulnerable to a cross site scripting XSS attack. Versions affected Insert Node module versions for Drupal 5.x prior t...
SA-CONTRIB-2009-089 - Storm - Access Bypass
The Storm module provides a project management application for Drupal. The module suffers a vulnerability whereby nodes of type 'storminvoiceitem' are not respecting the expected access permissions, potentially exposing the node title to unauthorized users. Versions affected Versions of Storm for...
SA-CONTRIB-2009-060 - Meta tags (Nodewords) - Access bypass
The Meta tags also known as Nodewords module provides meta tags based on node titles. In certain conditions, the node meta tags were not respecting access permissions, potentially exposing content not available otherwise. Versions affected Meta tags for Drupal 6.x before Meta tags 6.x-1.1 Drupal...
SA-CONTRIB-2009-050 - Webform report - Cross site scripting
Webform report allows users to create simple, dynamic reports based on data collected by the webform module. When displaying the results of Webform submissions, the module does not properly escape user entered data, leading to a cross-site scripting XSS vulnerability. Versions affected Webform...
SA-CONTRIB-2009-046 - Date - Cross Site Scripting
The Date module provides a date CCK field that can be added to any content type. The Date Tools module that is bundled with Date module does not properly escape user input when displaying labels for fields on a content type. A malicious user with the 'use date tools' permission of the Date Tools...
SA-CONTRIB-2009-042 - Submitted By - Cross Site Scripting
Submitted By is a module to let you control the format of the "Submitted by" information on your content per content type. This module does not properly escape user input used in building the string to display the "submitted by" text. Only administrators with the 'administer content types'...
SA-CONTRIB-2009-037 - Views - Multiple vulnerabilities
The Views module provides a flexible method for Drupal site designers to control how lists of content are presented. In the Views UI administrative interface when configuring exposed filters, user input presented as possible exposed filters is not correctly filtered, potentially allowing maliciou...
SA-CONTRIB-2009-031 - Ajax Session - Multiple vulnerabilities
The Ajax session module allows users to set PHP session variables using AJAX. The module does not make proper use of the Drupal API, leaving it open to multiple vulnerabilities, including Cross Site Request Forgeries CSRF and Cross Site Scripting XSS. Versions affected Ajax Session 5.x-1.0 Drupal...
SA-CONTRIB-2009-019 - Localization client - Cross site scripting
The Localization client module allows you to translate the interface of your Drupal site from within each page as you go. When displaying translatable strings and their completed translations, the module does not escape the data. If used to translate the Drupal core interface, this is not a...
SA-CONTRIB-2009-015 - Tokenauth - Access bypass
The Token authentication module allows access to RSS feeds via a token without having to provide your username and password to the site. Token authentication did not properly use the Drupal Form API which would allow a malicious user to learn the site administrator's token giving them the ability...
SA-CONTRIB-2009-007 - Advertisement - Cross-site scripting
The Advertisement module displays and tracks advertisements on Drupal websites. Unsanitized text is displayed in several places, allowing users with "administer advertisements" permissions to execute arbitrary code. Users with "administer advertisements" permissions have the ability to configure...
SA-CONTRIB-2009-006 - Troll - Cross site request forgeries
The Troll module provides management tools for community sites to deal with badly behaved users, known as "trolls", including banning users by IP address, advanced user searching, and blocking users by role. The module does not properly implement the Drupal Form API which makes it vulnerable to...
SA-2008-068 - Localization client and Localization server - Cross site request forgery
The Localization client module allows you to translate the interface of your Drupal site from within each page as you go. The Localization server module provides a community translation interface for translating Drupal modules and themes and is primarily used by Drupal translation teams. The serv...
SA-2008-054 - Plugin Manager - Access bypass
The Plugin Manager module provides the methods and graphical interfaces needed to automatically install new modules and themes from the Drupal.org website. An oversight in the menu permissions code allows any user to uninstall and remove modules installed with the Plugin Manager. This risk is onl...
SA-2008-050 - Mailhandler - SQL injection
The Mailhandler module allows users to create or edit nodes and comments via email. One vulnerability was found in the module. SQL Injection Mailhandler does not properly use the Drupal database API and inserts values from mails directly into queries. This can be exploited to perform SQL Injectio...
SA-2008-051 - Mailsave - Cross site scripting
Mailsave is a module that is designed to interact with Mailhandler. It will detach files that are emailed to the site and save them with the node. The module trusts the mimetype that is sent with the file, enabling malicious users with the ability to upload files to execute cross site scripting...
SA-2008-052 - Link To Us - Cross site scripting
The Link To Us module creates a page to display uploaded banners that can be used by others to link to your Drupal site. The module will create well formed SEO links with full title, alt and anchor text determined by the node title, taxonomy term or other pages that are directed to the module...
SA-2008-036 - Profile search - SQL Injection
The Profile search module provides a way for users to search users by all profile fields, as provided by the profile module in core. Numerous values are used in SQL strings without being properly sanitized. Users with the "access user profiles" permission can use these values to execute SQL...
SA-2008-029 - E-Publish - Cross site scripting and Cross site request forgeries
The contributed module E-Publish helps organize a group of nodes into a publication, such as a newspaper, magazine or newsletter. The Drupal Forms API protects against Cross Site Request Forgeries CSRF, where a malicious site can cause a user to unintentionally take actions on another site where...
SA-2008-015 - Comment Upload - Arbitrary file upload
Comment upload enables file attachments for comments. To do so it uses and subverts various functions from the upload module that are present in Drupal core. In certain, common cases, comment upload passes incorrect data to the upload validation functions, resulting in a validation bypass, which...
SA-2008-008 - Meta tags - Arbitrary code execution
The Meta tags module, also known as Nodewords, adds HTML META tags to node, panel and view pages. If the site is configured to allow images in the body of any node type, any user that can create this node type is able to execute arbitrary code on the server. Versions affected Meta tags for Drupal...
SA-2007-029 - Drupal core - User deletion cross site request forgery
The Drupal Forms API protects against cross site request forgeries CSRF, where a malicious site can cause a user to unintentionally submit a form to a site where he is authenticated. The user deletion form does not follow the standard Forms API submission model and is therefore not protected again...
Textimage - response validation bypass
Captcha validation by Textimage can be bypassed by manipulating request variables while posting. This defeats the purpose of the captcha and makes automated submission possible. Versions affected All versions of Textimage 4.7.x prior to Textimage 4.7-1.2. All versions of Textimage 5.x prior to...
Captcha - response validation bypass
Captcha validation can be bypassed by manipulating request variables while posting or by providing certain incorrect responses. This defeats the purpose of the captcha and makes automated submission possible. Versions affected All versions of Captcha 4.7.x prior to Captcha 4.7-1.2. All versions o...
CVS management/tracker XSS
The motivation field of the CVS application page is not passed through checkmarkup on display. A malicious user may use this field to insert and execute XSS Cross Site Scripting. This may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia. Revoking the...
Userreview cross site scripting vulnerability
It is possible for a malicious user to insert and execute XSS Cross Site Scripting, due to lack of validation on output. This may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia. Versions affected Drupal core is not affected. If you do not use the...
Pubcookie security bypass
It is possible for a malicious user to spoof a user's identity by bypassing the login redirection mechanism in the pubcookie module. The malicious user may gain the privileges of the user they are spoofing, including the administrative user. Versions affected Drupal core is not affected. If you d...
DRUPAL-SA-2005-008 XSS and HTTP header injection vulnerability with uploaded files
Paul Laudanski informed us that it's possible to attach files that are able to run Javascript under Internet Explorer. Further investigation of the problem revealed that the same method can be used to inject arbitrary HTTP headers. Versions affected Drupal 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5...
AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028
The module and certain submodules AI Automators, AI Translate, AI API Explorer, AI Content Suggestions provide the ability to use an LLM to generate HTML or Markdown and preview it in a browser. Under certain circumstances, rendering of this HTML can lead to exposing secret communications in the...
OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027
This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. The module doesn't sufficiently validate the uniqueness of certain...
OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025
This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. The module doesn't sufficiently validate certain fields coming fro...