Outline Designer - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-035
This module enables you to mass administer book outlines and perform common operations through one interface, improving the usability for the book module. The module doesn't sufficiently sanitize titles when presenting them on this interface. This vulnerability is mitigated by the fact that an...
Fieldable Panels Panes - Moderately Critical - XSS - SA-CONTRIB-2016-025
This module enables you to create fieldable entities that have special integration with Panels. The module doesn't sufficiently filter the entity title or admin title fields when they are displayed in either the Panels admin UI or the In-Place Editor (IPE), allowing for specially crafted XSS attack...
FileField - Denial of Service - SA-CONTRIB-2016-008
FileField module allows users to upload files in conjunction with the Content Construction Kit (CCK) module in Drupal 6. The module doesn't validate that a request to delete a temporary file was made by the user who uploaded the file. An attacker can use this vulnerability to delete other users' fi...
Open Atrium - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-174
Open Atrium distribution enables you to create an intranet. Open Atrium Core module doesn't sufficiently sanitize some user supplied text, leading to a reflected Cross Site Scripting (XSS) vulnerability. CVE identifiers issued: A CVE identifier will be requested, and added upon issuance, in accordanc...
SA-CONTRIB-2015-073 - Trick Question - Cross Site Scripting (XSS)
The Trick Question is a CAPTCHA-type spam prevention module; a lightweight, compact and simple alternative to larger and more complex modules. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. The vulnerability is...
SA-CONTRIB-2014-128 - Organic Groups Menu - Access bypass
This module enables you to associate menus with Organic Groups (OG). It allows you to create one or more menus per group, configure and apply menu permissions in a group context, add/edit menu links directly from the entity form, etc. The module doesn't sufficiently check the menu parameters passed...
SA-CONTRIB-2014-097 - nodeaccess - Access Bypass
Nodeaccess is a Drupal access control module which provides view, edit and delete access to nodes. This module can inadvertently allow the author of a node to view/edit/delete that node even when the author should not have access. The module over-eagerly grants read/write/delete access to all autho...
SA-CONTRIB-2014-062 - Password Policy - Multiple vulnerabilities
The Password Policy module enables you to define and enforce password policies with various constraints on allowable user passwords. Access bypass and information disclosure (7.x only): The module has a history constraint, which, when enabled, disallows a user's password from being changed to match a...
SA-CONTRIB-2014-055 - Require Login - Access bypass
This module enables you to restrict access to a site for all non-authenticated users. The module does not protect the front page, thereby exposing any sensitive information on the front page to anonymous users. This vulnerability is mitigated by the fact that private/sensitive information must be...
SA-CONTRIB-2014-056 - Commerce Moneris - Information Disclosure
Commerce Moneris is a payment module that integrates the Moneris payment system with Drupal Commerce. The module stores credit card data in a commerce order object unnecessarily for the purpose of passing the credit card information to the payment gateway. The credit card information is never...
SA-CONTRIB-2014-048 - Field API Pane Editor (FAPE) - Access bypass
This module adds a contextual menu to fields which are added to an entity display in Panels, allowing individual fields to be directly edited via a separate page or, if it is enabled, the Overlay module. The module doesn't sufficiently verify the user has access to modify the entity the field is...
SA-CONTRIB-2014-040 - Skeleton theme - Cross Site Scripting
The Skeleton theme is a responsive Drupal theme, built upon the Skeleton Boilerplate. The Skeleton theme does not properly sanitize theme settings before they are used in the output of a page. This vulnerability is mitigated by the fact that an attacker must have a role with the permission...
SA-CONTRIB-2014-022 - Slickgrid - Access bypass
The Slickgrid module is an implementation of the jQuery slickgrid plugin, a lightning fast JavaScript grid/spreadsheet. It defines a slickgrid view style, so all data can be output as an editable grid. The module doesn't check access sufficiently, allowing users to edit and change field values o...
SA-CONTRIB-2014-017 - Image Resize Filter - Denial of Service (DoS)
This module enables you to resize images based on the HTML contents of a post. Images with specified height and width properties that differ from the original image result in a resized image being created. The module doesn't limit the number of resized images per post or user, which could allow a...
SA-CONTRIB-2012-139 - PDFThumb - OS Injection
PDFThumb module creates thumbnail images of PDF files. The module doesn't sufficiently escape user-entered values when executing commands on the server, allowing an attacker to execute whatever commands are available to the web server user (e.g. www-data). This vulnerability is mitigated by the fact...
SA-CONTRIB-2012-134 - Views - Privilege Escalation
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented. The module incorrectly modifies the global user object in some situations when a view has a uid argument and performs validation on...
SA-CONTRIB-2012-132 - Announcements - Access Bypass
The Announcements module creates an "announcement" content type and provides both node views and block lists. The module doesn't sufficiently check node access under certain conditions. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access...
SA-CONTRIB-2012-135 - CAPTCHA - Insufficient anti-automation prevention
This module enables you to protect website forms using a CAPTCHA. A CAPTCHA is a test which attempts to differentiate between a human and an automated bot or script. The module doesn't ensure that test submissions have a single-use unique token. This means that web robots could reuse a single...
SA-CONTRIB-2012-128 - Elegant Theme - Cross Site Scripting (XSS)
Elegant Theme is a lightweight Drupal 7 theme with a modern look and feel. The theme doesn't properly sanitize user-entered content in the 3 slide gallery on the homepage, leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker would have ...
SA-CONTRIB-2012-115 - Gallery formatter - Cross Site Scripting (XSS)
Gallery formatter provides a field formatter for images that turns the fields into jQuery galleries. The module did not properly escape input from the user before printing it to the browser, allowing malicious users to inject script code into the page. This vulnerability is mitigated by the fact...
SA-CONTRIB-2012-090 - File depot - Session Management Vulnerability
The filedepot module is a Document Management module. It fulfills the need for an integrated file management module supporting role and user based security. Documents can be saved outside the Drupal public directory to protect documents for safe access and distribution. The module has a Session...
SA-CONTRIB-2012-088 - Mobile Tools - Cross Site Scripting (XSS)
Mobile Tools provides Drupal developers with some tools to assist in making a site mobile. The module contains several persistent cross site scripting (XSS) vulnerabilities due to the fact that it fails to sanitize user supplied values before display. CVE: CVE-2012-2717. Versions affected: Mobile Too...
SA-CONTRIB-2011-048 - Certificate Login - SQL Injection
The Certificate login module provides client certificate authentication of Drupal users. The authentication is based on the client certificate's data fields, which are then used as the user name for authentication. The obtained data isn't properly sanitized using Drupal's database API, which may...
SA-CONTRIB-2011-040 - Author Pane - Access bypass
The Author Pane module provides information about users on a site. This module has integration with several other modules, including the user locations of the Location module. If you enabled display of user locations, the Author Pane module may have shown user locations to site visitors who did not...
SA-CONTRIB-2011-027 - Facebook Share - Cross Site Scripting (XSS)
This module enables Drupal site administrators to add a Facebook Share button to selected content type nodes. The module doesn't sufficiently check the override text or button size input fields on the module configuration form to prevent an XSS exploit. This vulnerability is mitigated by...
SA-CONTRIB-2011-023 - Prepopulate - Multiple vulnerabilities
The Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST variable. The module does not adequately validate user input, leading to a cross-site scripting (XSS) possibility in certain circumstances. Users privileged to use forms with certain form fields can insert arbitrary HT...
SA-CONTRIB-2011-010 - Messaging - Cross Site Scripting
The Messaging module is a framework to allow message sending in a channel-independent way. It provides a common API for message composition and sending while allowing plug-ins for multiple messaging methods. The module does not sanitize some of the user-supplied data before displaying it, leading...
SA-CONTRIB-2011-006 - Flag Page - Cross Site Scripting (XSS)
The contributed flag page module provides an additional flag type to allow you to flag pages so you can bookmark any URL on your site including views, panels, administration pages or site contact page. The module does not sanitize the flag titles when displayed in blocks, leading to a Cross-Site...
SA-CONTRIB-2010-093 - Advanced Taxonomy Blocks - Multiple Vulnerabilities
Advanced Taxonomy Blocks makes use of the jQuery menu module to create extremely customizable blocks for browsing through single hierarchy taxonomies. The module contained Cross Site Scripting vulnerabilities which could allow a malicious user with one of several non-default permissions to inject...
SA-CONTRIB-2010-067 - Views - Multiple vulnerabilities
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. Cross Site Request Forgery (CSRF): The Views UI module, which is included with Views, can be used to enable/disable Views by following a link to a particular page, e.g...
SA-CONTRIB-2010-056 - User Queue - Cross Site Request Forgery
The User Queue module allows you to create multiple queues, add users to them, and order the users within the queue. The module is vulnerable to cross-site request forgeries (CSRF) via the URL used to delete users from the queue. A user with "administer user queues" permission could be manipulated...
SA-CONTRIB-2010-046: Award - Cross Site Scripting
The Award module allows administrators to identify one or more content types as "awards" that can be granted to users. When the title of an award is displayed on a user's profile page it is not properly sanitized, resulting in a cross site scripting vulnerability. Attackers must have the permissi...
SA-CONTRIB-2010-039: CCK TableField - Cross Site Scripting
The CCK TableField module provides a generic method to attach tabular data to a node. CCK TableField does not sanitize table headers before output, allowing anyone with permissions to create or edit a node containing one or more TableField fields to insert arbitrary HTML and script code. Such a...
SA-CONTRIB-2010-040: FileField - Access Bypass
FileField provides a file upload field for CCK, allowing files to be attached to a node. FileField intends to set a default extension of "txt" for all new fields, but may actually save an empty string allowing all extensions if an administrator does not save the field configuration page after...
SA-CONTRIB-2010-038 - Privatemsg - Access bypass
The Privatemsg module allows users to send private messages to each other. Additionally, the sub module Privatemsg Email Notification sends an e-mail notification when such a message is sent. The page to configure the template for these e-mails does not use the correct access permission, which allows all...
SA-CONTRIB-2010-023 - Workflow - Cross Site Scripting
When used in combination with the Token module, the Workflow module does not escape the text entered into the Comment field of the workflow fieldset on the node form. This allows a user with the permission to change the workflow state of a node to perform a Cross Site Scripting (XSS) attack if a...
SA-CONTRIB-2010-019 - Weekly Archive by Node Type - Access Bypass
The Weekly Archive by Node Type module generates weekly archive pages and a block with links to the pages. You can specify the node types that will be included in the archive pages. In weekly summary listings, the Weekly Archive by Node Type module does not construct its SQL query to respect no...
SA-CONTRIB-2010-016 - Graphviz Filter - arbitrary code execution
Graphviz Filter does not properly filter user input via the @command option in the node body, leading to a possible Arbitrary Shell Code Execution vulnerability. This vulnerability allows a remote attacker with the ability to create content using a Graphviz input filter to execute arbitrary shell code...
SA-CONTRIB-2010-014 - Node Export - Arbitrary code execution
The Node export module allows users to export and import nodes. Node export does not warn administrators that users with the "access administration pages" permission together with the "import nodes" permission can execute arbitrary PHP statements during the import operation. Versions affected: Nod...
SA-CONTRIB-2010-008 - Recent Comments - Cross Site Scripting
Recent Comments module provides a high-performance, fully themable block of recent comments. This release includes a fix for a cross-site scripting (XSS) vulnerability in which JavaScript could be inserted in the title of the Recent Comments block via a custom block title interface. This custom tit...
SA-CONTRIB-2009-108 - Gallery Assist - Cross Site Scripting
The Gallery Assist module provides a simple way to create image galleries on a site. The module does not sanitize node titles, leading to a Cross Site Scripting (XSS) vulnerability. Versions affected: Gallery Assist module for Drupal 6.x prior to Gallery Assist 6.x-1.7. Drupal core is not affected. I...
SA-CONTRIB-2009-099 - RootCandy Theme - Cross Site Scripting
RootCandy is a theme specifically designed for use in the administration section. The theme fails to sanitize a URL value, leading to a Cross Site Scripting (XSS) vulnerability. Versions affected: RootCandy theme for Drupal 6.x prior to RootCandy 6.x-1.5. Drupal core is not affected. If you do not us...
SA-CONTRIB-2009-093 - Temporary Invitation - Cross Site Scripting
The Temporary Invitation module enables site users to invite guests for a limited timespan. For each invitation, a new user is created, together with a login code (e.g. "EbN2F3") that the user can use to log in. The module fails to sanitize a value in the Name field which is included in the invitation,...
SA-CONTRIB-2009-087 - FAQ Ask - Multiple Vulnerabilities
The FAQ Ask module enables site users to ask questions for experts to answer. The module suffers multiple vulnerabilities, including Cross Site Request Forgery (CSRF) and Cross Site Scripting (XSS) problems. These vulnerabilities allow an attacker to hijack the account of a logged ...
SA-CONTRIB-2009-079 - vCard - Cross Site Scripting
The vCard module adds a vCard download link to every user's profile. This link makes it easy to add users from a Drupal site to a local address book. When the theme_vcard function is added to a theme and default content from the vCard module is output, the site will be vulnerable to Cross Site...
SA-CONTRIB-2009-074 - Webform - Multiple vulnerabilities
Cross-site scripting: The Webform module enables the creation of custom forms for collecting data from users. The Webform module does not properly escape field labels in certain situations. A malicious user with permission to create webforms could attempt a cross-site scripting (XSS) attack when...
SA-CONTRIB-2009-065 - Browscap - Cross Site Scripting
The Browscap module provides a way to identify the visitors to your site based on the user agent in their browser. It can also record these user agent strings and provide reports about them. When displaying reports about visitors, the module does not properly sanitize the user agent strings befor...
SA-CONTRIB-2009-066 - Organic Groups - Cross Site Scripting
The Organic Groups (OG) module provides a way to organize users and content into groups. When displaying group nodes, the module does not properly sanitize all user-entered text, leading to a cross-site scripting (XSS) vulnerability. Users with permission to create or edit group nodes, which may be a...
SA-CONTRIB-2009-036 - Services - Impersonation
The Services module provides integration of external applications with Drupal. Service callbacks may be used with multiple interfaces such as XML-RPC, SOAP, REST and AMF. When key based access is enabled, any user may view or add keys, allowing a third party to access services they would not otherwise be...
SA-CONTRIB-2009-028 - Feed Block - Cross Site Scripting
The Feed Block module creates a block with one external syndicated article for each feed source from a selected feed category. Feed block doesn't properly escape aggregator items, allowing users with the "administer news feeds" permission to inject arbitrary code into the site. Such a cross site scripting...