1940 matches found
Keyword Research - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-098
Keyword Research module enables you to tag and prioritize keywords on a site and node level basis. The module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause another user with "kwresearch admin site keywords" permission to create, delete and set priorities to...
Decisions - Moderately Critical - Cross Site Request Forgery (CSRF) - Unsupported - SA-CONTRIB-2015-086
Decisions module is a replacement for the Poll module and provides advanced voting systems and decision-making tools. The module doesn't sufficiently protect some links against CSRF. A malicious user can cause another user to remove individual voters by getting their browser to make a request to ...
SA-CONTRIB-2015-034 - Commerce WeDeal - Open Redirect
Commerce WeDeal module enables you to do Commerce payments through the payment provider WeDeal. The module doesn't sufficiently check a query parameter used for page redirection, thereby leading to an Open Redirect vulnerability. CVE identifiers issued CVE-2015-3393 Versions affected Commerce...
SA-CONTRIB-2014-119 - Google Analytics - Information disclosure
This module enables you to integrate Drupal with Google Analytics. The module leaks the site specific hash salt to authenticated users when user-id tracking is turned on. This vulnerability is mitigated by the fact that user-id tracking must be turned on and the attacker needs to have an account ...
SA-CONTRIB-2014-109 - Freelinking - Cross Site Scripting (XSS)
The Freelinking module implements a filter framework for easier creation of HTML links to other pages on the site or to external sites. The module does not sanitize the node title when providing a link to the node, opening a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated ...
SA-CONTRIB-2014-101 - Ubercart - Cross Site Request Forgery
The Ubercart module provides a shopping cart and e-commerce features for Drupal. Cross Site Request Forgery CSRF The country administration links are not properly protected. A malicious user could trick a store administrator into enabling or disabling a country by getting them to visit a...
SA-CONTRIB-2014-098 - CKEditor - Cross Site Scripting (XSS)
The CKEditor module and its predecessor, FCKeditor module allows Drupal to replace textarea fields with CKEditor 3.x/4.x FCKeditor 2.x in case of FCKeditor module - a visual HTML editor, sometimes called WYSIWYG editor. Both modules define a function, called via an ajax request, that filters text...
SA-CONTRIB-2014-045 - Drupal Commons - Multiple Vulnerabilities
This SA contains two patches against Drupal Commons Views Bulk Operations Access Bypass Drupal commons comes with a view to moderate reported content, which is intended for authenticated users to view which content has been reported. Since it has hard coded VBO operations within the view, and...
SA-CONTRIB-2014-041 - Block Search - SQL Injection
Block Search module provides an alternative way of managing blocks. The module doesn't properly use Drupal's database API resulting in user-provided strings being passed directly to the database allowing SQL Injection. This vulnerability is mitigated by the fact that an attacker must either use a...
SA-CONTRIB-2014-030 - SexyBookmarks - Information Disclosure
The SexyBookmarks module is a port of the WordPress SexyBookmarks plug-in. The module adds social bookmarking using the Shareaholic service. The module discloses the private files location when Drupal 6 is configured to use private files. This vulnerability is mitigated by the fact that only site...
SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure
This module provides an API and a few simple turnkey modules, which allows you to easily create tagclouds, weighted lists, search-clouds and such. The 6.x-1.x version does not account for node access modules, thus leading to information being disclosed. This vulnerability is mitigated by the fact...
SA-CONTRIB-2014-005 - Leaflet - Access bypass
The Leaflet module enables you to display an interactive map using the Leaflet library, using entities as map features. The module exposes complete data from entities used as map features to any site visitor with a Javascript inspector like Firebug. CVE identifiers issued ACVE identifier will be...
SA-CONTRIB-2012-141 - Mass Contact - Access bypass
This module allows anyone with permission to send a single message to multiple users of a site, using its roles functionality. The module doesn't sufficiently check permissions after the form has been submitted. This vulnerability is mitigated by the fact that an attacker must use a tool of some...
SA-CONTRIB-2012-135 - CAPTCHA - Insufficient anti-automation prevention
This module enables you to protect website forms using a CAPTCHA. A CAPTCHA is a test which attempts to differentiate between a human and an automated bot or script. The module doesn't ensure that test submissions have a single-use unique token. This means that web robots could reuse a single...
SA-CONTRIB-2011-059 - Meta tags quick - Cross Site Scripting (XSS)
The Meta tags quick module provides a simple tool to add meta tags to a site. The module doesn't consistently filter user input which could lead to a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...
SA-CONTRIB-2011-056 - Webform Validation Cross Site Scripting
The Webform Validation module enables you to add form validation rules to Webform components through a UI. The module contains multiple cross site scripting XSS vulnerabilities due to the fact that it fails to sanitize certain user entered text prior to displaying in the browser. This vulnerabili...
SA-CONTRIB-2011-055 - Webform CiviCRM Integration - Multiple vulnerabilities
The Webform CiviCRM Integration module extends the functionality of the Webform Module to link form submissions with a CiviCRM database. Version 2.0 of the module added form validation based on CiviCRM data type. A flaw in the implementation of this feature caused other validation handlers to fai...
SA-CONTRIB-2011-041 - Hostmaster (Aegir) - Cross Site Scripting
Hostmaster Aegir provides a system for managing Drupal sites. The theme in Hostmaster, Eldir, does not sanitize the custom body classes correctly leading to a cross site scripting XSS vulnerability that can be exploited when a user is made to view a specially crafted URL. If the user is logged in...
SA-CONTRIB-2011-035 Forward module - Open redirect
The Forward module enables you to add a "forward this page" link to each node. The link takes regular site visitors to a form where they can generate an email to a friend. The module doesn't check to ensure that the page being forwarded refers to an internal path. This could allow someone to hard...
SA-CONTRIB-2011-016 - Node Quick Find - Information Disclosure
The Node Quick Find module provides a block to quickly access nodes by title via an auto-completing text field. The module does not use dbrewritesql when generating the list of node titles, allowing users to see the titles of nodes to which they may not have access. Access to the node itself is n...
SA-CONTRIB-2011-005 - AES encryption - Information disclosure
Due to a piece of code used for debugging mistakenly left in the release, the plain text password of the user who last logged in is written to a text file in the Drupal root directory. This file is remotely accessible, thus an attacker with the knowledge of which user last logged in may access th...
SA-CONTRIB-2010-100 - Ubuntu Drupal Theme - Directory traversal and information disclosure
This Ubuntu Drupal Theme - Brown is designed to mimic the old ubuntu.com. The theme used a PHP file to generate a gradient image on the fly. User input from the URL is not properly validated in this PHP code, leading to a directory traversal vulnerability where the contents of any file readable b...
SA-CONTRIB-2010-096 - Domain access - Multiple Vulnerabilities
The Domain Access module suite allows users to maintain content shared across multiple domains running from a single Drupal installation. In several instances, the module does not sanitize the user-supplied domain name before displaying it, leading to a Cross-Site Scripting XSS vulnerability that...
SA-CONTRIB-2010-081 - FileField Sources - Arbitrary Code Execution
The FileField Sources module expands on the abilities of FileField, allowing users to select new or existing files through additional means, including: Reuse of existing files through an autocomplete textfield or IMCE, or transfering files directly from remote servers. The module does not sanitiz...
SA-CONTRIB-2010-062 - Ogone | Ubercart payment - Access Bypass
Ogone | Ubercart payment is a payment module for Ubercart that integrates Ogone PSP gateway as a checkout method for Ubercart. The module does not always correctly verify the order status returned by the Ogone gateway, potentially allowing unpaid orders to be processed. Versions affected Ogone |...
SA-CONTRIB-2010-063 - Studio theme pack - Cross Site Scripting
Studio theme pack is a set of themes for use as a base in creating a new theme. The Canvas-theme, part of Studio theme pack and used as base theme for the Workspace and Paint themes, also included in Studio theme pack, does not sanitize some of the user-supplied data before displaying it, leading...
SA-CONTRIB-2010-066 - FileField - Cross Site Scripting
FileField module integrates with the Content Construction Kit to provide a file upload field. It also integrates with the Views and Token modules. The module does not sanitize some of the user-supplied data before displaying it for Drupal 6.x-3.x only, or before adding it to tokens both 5.x-2.x a...
SA-CONTRIB-2010-061 - AddonChat - Multiple Vulnerabilities
The AddonChat module provides Drupal integration with the AddonChat Java chat room. Due to unsafe handling of the global $user object, failed authentication at the custom addonchatauth.php script will log in an attacker as the chosen user. Additionally, several configuration variables are not...
SA-CONTRIB-2010-051 - Heartbeat - Cross Site Scripting
The Heartbeat project contains a suite of modules to display user activity on a website. These modules do not properly sanitize some of their output, allowing certain users the ability to insert arbitrary HTML and script code. Such a cross site scripting XSS attack may lead to a malicious user...
SA-CONTRIB-2010-041: ImageField - Access Bypass
ImageField provides a file upload field for CCK, allowing files to be attached to a node. ImageField intends to set a default extension of "png jpg gif" for all new fields, but may actually save an empty string allowing all of the "png jpg gif" extensions if an administrator does not save the fie...
SA-CONTRIB-2010-037 - Decisions - Access bypass
Decisions is a replacement for poll.module and provides advanced voting systems and decision-making tools. It aims to enable groups to take decisions online in a manner that replicates and augments what is possible in face-to-face meeting. In some listings, the Decisions module does not construct...
SA-CONTRIB-2010-032 - Taxonomy Breadcrumb - Cross Site Scripting (XSS)
The Taxonomy Breadcrumb module generates taxonomy based breadcrumbs on node pages and taxonomy/term pages. This module does not properly sanitize taxonomy term name and, for 6.x, node titles when displayed in breadcrumbs, leading to a Cross Site Scripting XSS vulnerability. XSS vulnerabilities ma...
SA-CONTRIB-2010-017 - iTweak Upload - Cross Site Scripting
iTweak Upload does not escape file names when displaying uploaded files. This allows a malicious user with the permission to create content and upload files to perform a Cross Site Scripting XSS attack. Versions affected iTweak Upload 6.x-2.x prior to 6.x-2.3 iTweak Upload 6.x-1.x prior to 6.x-1....
SA-CONTRIB-2010-015 - Signwriter - Arbitrary code execution
The Signwriter module allows the use of TrueType fonts to replace text in headings, blocks, menus and filtered text. This vulnerability allows a remote attacker with the ability to create content using an input filter created with a Signwriter profile to execute arbitrary PHP code on an affected...
SA-CONTRIB-2010-011 - Feedback - Cross Site Scripting
Feedback module enables users and visitors of a Drupal site to quickly send feedback messages about the currently displayed page. When displaying reports about submitted feedback, the module does not properly sanitize the user agent strings from the Browscap module before display, leading to a...
SA-CONTRIB-2010-006 - Bibliography Module - Cross Site Scripting
The Bibliography module enables users to manage and display lists of scholarly publications. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability. Only users with the 'administer biblio' permission are able to exploi...
SA-CONTRIB-2009-105 - Subgroups for Organic Groups - Cross Site Scripting
The Subgroups For Organic Groups module enables users to set group hierarchy. The module does not filter the titles of some nodes before output, leading to a cross-site scripting XSS vulnerability. Versions affected Subgroups For Organic Groups versions for Drupal 5.x prior to 5.x-4.0 Drupal core...
SA-CONTRIB-2009-095 - Smartqueue OG - Access Bypass
The Smartqueueog module uses Nodequeue's Smartqueue API to provide a Nodequeue for organic groups which is editable by members of that group or the group's administrators. Users with the "administer nodequeue" permission have the option to batch create subqueues individual instances of a queue fo...
SA-CONTRIB-2009-096 - Link - Cross Site Scripting
The Link module provides a CCK field which enables links to be added to content types, that can include a URL, title, and target attribute. When using the "Separate title and URL" formatter supplied by the module, the link title field is not sanitized before being displayed, leading to a Cross Si...
DRUPAL-SA-CONTRIB-2009-077 - Userpoints - Information disclosure
The Userpoints module enables the users of a site to gain or lose points based on their activity. There is a vulnerability in the module which allows any user with the "View own userpoints" permission to view the userpoints data of any user, not just their own. Versions affected Userponts module...
SA-CONTRIB-2009-060 - Meta tags (Nodewords) - Access bypass
The Meta tags also known as Nodewords module provides meta tags based on node titles. In certain conditions, the node meta tags were not respecting access permissions, potentially exposing content not available otherwise. Versions affected Meta tags for Drupal 6.x before Meta tags 6.x-1.1 Drupal...
SA-CONTRIB-2009-046 - Date - Cross Site Scripting
The Date module provides a date CCK field that can be added to any content type. The Date Tools module that is bundled with Date module does not properly escape user input when displaying labels for fields on a content type. A malicious user with the 'use date tools' permission of the Date Tools...
SA-CONTRIB-2009-044 - Bubbletimer - Multiple vulnerabilities
Bubbletimer allows users to create timesheets based on nodes. It suffers from a cross-site scripting XSS vulnerability due to not properly sanitizing node titles before they are displayed. It is also vulnerable to cross-site request forgeries CSRF making it possible for users to unknowingly add...
SA-CONTRIB-2009-043 - Image Assist - Multiple vulnerabilities
The Image Assist module for Drupal 5.x and 6.x allows users to upload and insert inline images into posts. Two vulnerabilities and weaknesses were discovered in the contributed Image Assist module. Cross site scripting The node title is treated as if it was safe text, and is not escaped before...
SA-CONTRIB-2009-007 - Advertisement Cross-site scripting
The Advertisement module displays and tracks advertisements on Drupal websites. Unsanitized text is displayed in several places, allowing users with "administer advertisements" permissions to execute arbitrary code. Users with "administer advertisements" permissions have the ability to configure...
SA-CONTRIB-2009-002 - Project issue tracking - Multiple vulnerabilities
This announcement covers the following two issues for the Project issue tracking module. 1. Under certain conditions, users may receive email updates for issues which they do not have proper access rights to. This issue is mainly a problem for sites that use a contributed node access module,...
SA-2008-057 - Ajax Checklist - Multiple vulnerabilities
The Ajax Checklist module implements a filter that allows a user to include checkboxes into content. The module does not properly use Drupal's database API and inserts values supplied by users directly into queries. This can be exploited by malicious users with the "update ajax checklists"...
SA-2008-045 - OpenID - Multiple vulnerabilities
The OpenID module for Drupal 5.x allows uses to create an account or log into a Drupal site using one or more OpenID identities. Find out more about OpenID at http://openid.net. Two vulnerabilities and weaknesses were discovered in the contributed OpenID module. Cross site scripting Some...
SA-2008-037 - TrailScout - XSS and SQL injection
The TrailScout module displays a number of last visited pages as breadcrumbs. The module displays certain values without appropriate filtering. Malicious users with the permission to create posts are able to exploit this issue and insert arbitrary HTML and script code into pages. Such a cross sit...
SA-2008-038 - Services - Arbitrary code execution
The Services module package was created out of a need for a standardized solution to integrate external applications with Drupal. It builds on concepts from Drupal core's XMLRPC interface, but abstracts service callbacks so that they may be used with multiple interfaces such as XMLRPC, SOAP, REST...