SA-CONTRIB-2012-114 - Campaign Monitor - Cross Site Scripting (XSS)
This module enables you to integrate Campaign Monitor into Drupal so you can give users the ability to subscribe and unsubscribe for your Campaign Monitor lists. The module doesn't sufficiently validate strings entered in the administration interface. This vulnerability is mitigated by the fact...
SA-CONTRIB-2012-109 - Restrict node page view - Access bypass
This module enables you to disable direct access to node pages node/XXX based on node types and permissions. The module issues a NODE_ACCESS_ALLOW if its permissions are met, but does not respect the "administer nodes" or "access own unpublished content" permissions. The consequence is that this...
SA-CONTRIB-2012-107 - Search autocomplete - Access bypass
This module allows you to add autocomplete functionality to virtually any fields of a Drupal site. The module doesn't sufficiently protect access to the module admin page. This vulnerability is mitigated by the fact that the user can only access the page, disable an autocompletion or change...
SA-CONTRIB-2012-108 - Drag & Drop Gallery - Arbitrary PHP code execution
Important note: Most of the vulnerabilities discussed below can be exploited when the Drag & Drop Gallery module is disabled on a Drupal site. See Solution below for details. The Drag & Drop Gallery creates a gallery node type that allows you to add images to the gallery by dragging and dropping...
SA-CONTRIB-2012-111 - Security Questions - Access Bypass
This module provides administrator configurable challenge questions for use during the log in and password reset processes. The module doesn't perform a proper access check, allowing a user's questions and answers to be edited by other users including anonymous users. CVE: CVE-2012-4475 Versions...
SA-CONTRIB-2012-112 - Ubercart SecureTrading - Failure to follow guideline/specification
The Ubercart SecureTrading Payment Method module provides an Ubercart payment method for the SecureTrading.com gateway. The module's payment method did not properly verify the validity of payment notification information. A malicious user could trick a site into thinking that an item has been pai...
SA-CONTRIB-2012-113 - Drupal Commons - Access Bypass
Drupal Commons is a ready-to-use solution for building either internal or external communities. The Drupal Commons feature, a central module in the distribution, includes a listing of recent comments on discussions. This listing of comments is powered by a view that doesn't fully enforce node acces...
SA-CONTRIB-2012-110 - Colorbox Node - Cross Site Scripting (XSS)
Colorbox Node gives the user the ability to display ANY page inside a colorbox modal without the header and footer. The module accepts some settings from URL parameters and didn't sufficiently validate them before printing them to the browser, allowing malicious users to inject script code into t...
SA-CONTRIB-2012-106 - Listhandler - Access Bypass
Listhandler is a module that marries mailing list discussions and Drupal forums. The module doesn't sufficiently check the permissions of comment authors when importing emails. CVE: CVE-2012-4470 Versions affected All Listhandler 6.x-1.x versions. Drupal core is not affected. If you do not use th...
SA-CONTRIB-2012-105 - Hashcash - Cross Site Scripting (XSS)
The Hashcash project is an implementation of a Proof Of Work POW or Puzzle scheme where users of a service have to do computational work to have their request granted. In the case of the Drupal Hashcash project, the service is 'form submission' and the Proof Of Work is a token that causes a parti...
SA-CONTRIB-2012-104 - Privatemsg - Cross Site Scripting (XSS)
The Privatemsg module allows users to send private messages to each other. The module doesn't sufficiently sanitize user names when creating messages. This vulnerability is mitigated by the fact that it is not possible to create insecure user names through the default user interface. The...
SA-CONTRIB-2012-101 - Protected Node - Access Bypass
The Protected Node module enables users to use a password to restrict access to an individual node or all nodes of a node type. The module doesn't sufficiently protect node access when nodes are accessed outside of the standard node view i.e. node/1 is protected but other lists are not. CVE:...
SA-CONTRIB-2012-100 - SimpleMeta - Cross Site Request Forgery (CSRF)
The Simple Meta module provides a method to set meta tags, such as page title, description and keywords for nodes, views and other pages. The module doesn't sufficiently confirm user intent when adding and deleting meta tag entries allowing a malicious user to trick a site admin into deleting...
SA-CONTRIB-2012-099 - Node Hierarchy - Cross Site Request Forgery (CSRF)
Node Hierarchy module allows for the creation of parent-child relationships among nodes that can create a tree-like hierarchy of content. The module doesn't sufficiently confirm user intent when reordering child nodes, allowing a malicious user to trick a site admin into changing the desired...
SA-CONTRIB-2012-098 - Janrain Capture - Open Redirect
This module allows for authentication through the cloud user-management platform Janrain Capture. Part of the module exposes an endpoint to re-synchronize user data between Drupal and Capture and allows for passing an optional parameter to redirect the user back to an original location. This...
SA-CONTRIB-2012-102 - Ubercart AJAX Cart - Potential Disclosure of user Session ID
This module enables you to replace the default Ubercart shopping cart block with an AJAX-enabled one. The module includes the user's current session ID in one of its JavaScript settings keys on every page load which could be intercepted if the user's connection is not over SSL. This vulnerability...
SA-CONTRIB-2012-103 - Global Redirect - Open Redirect
This module improves SEO and usability of a site by redirecting visitors to user-friendly and search-engine-friendly URLs. The module does not sufficiently validate that a destination URL is internal to the site, allowing an attacker to disguise a malicious destination address as a query paramete...
SA-CONTRIB-2012-092 - Organic Groups - Cross Site Scripting (XSS) and Access Bypass
The Organic Groups module enables users to create and manage their own 'groups'. Each group can have subscribers, and maintains a group home page where subscribers communicate amongst themselves. Cross Site Scripting The module doesn't sufficiently filter user supplied text when used in connectio...
SA-CONTRIB-2012-094 - Maestro module - Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
The Maestro module is a workflow engine/solution that facilitates simple and complex business process automation. The module doesn't sufficiently filter user-supplied data in its admin screens leading to a Cross Site Scripting XSS vulnerability. A Cross Site Request Forgery vulnerability in the...
SA-CONTRIB-2012-093 - Node Embed - Access Bypass
Node Embed gives content editors an interface for selecting and embedding nodes using a WYSIWYG editor. The interface for selecting nodes is a page that had no access check, allowing users to view node titles they might not have access to. This issue only affects your site if you have unpublished...
SA-CONTRIB-2012-097 - Protest - Cross Site Scripting (XSS)
Protest allows websites to display a complete page blackout website protest. The module contains a cross site scripting XSS vulnerability as it fails to sanitize user input before display. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administe...
SA-CONTRIB-2012-095 - Simplenews - Information Disclosure
Simplenews publishes and sends newsletters. When subscribing to a Simplenews mailing list, confirmation may be required, and Simplenews may disclose the user's e-mail address on the confirmation page. Further, due to the absence of a noindex tag, the list of e-mail addresses can subsequently be...
SA-CONTRIB-2012-096 - Authoring HTML - Cross Site Scripting (XSS)
This module creates an input format suitable for use within a WYSIWYG editor. It adds support for the iframe HTML tag, making it friendly with the popular iframe embeds available in popular video sites like YouTube and Vimeo. It supports the script tag too. Both tags will only be allowed if the...
SA-CONTRIB-2012-091 - Token Authentication - Access bypass
The Token Authentication module provides a token for use in the URL to authenticate users to a site. Under certain uncommon situations, the module may not revert a user's session properly. Depending on how tokenauth is used, this could result in subsequent requests being performed as a user with...
SA-CONTRIB-2012-090 - File depot - Session Management Vulnerability
The filedepot module is a Document Management module. It fulfills the need for an integrated file management module supporting role and user based security. Documents can be saved outside the Drupal public directory to protect documents for safe access and distribution. The module has a Session...
SA-CONTRIB-2012-086 - Amadou - Cross Site Scripting
The Amadou theme outputs additional first and last classes to the list of links to help out themers. This was being done in a way that was not secure. A Cross Site Scripting XSS vulnerability was identified in Amadou theme's themeslinks function in the template.php file, which was fixed in the...
SA-CONTRIB-2012-087 - Comment Moderation - Cross Site Request Forgery
This module enables you to moderate comments in an accelerated way, by providing a complete interface and all useful actions in a unique page. The module doesn't sufficiently protect the publish link URL, thus a Cross Site Request Forgery CSRF attack against an administrator could result in...
SA-CONTRIB-2012-089 - Counter - SQL Injection (unsupported)
Counter module counts how many visitors your website has. This module provides real time counting with all data saved to the database. The module doesn't sufficiently filter user supplied text when recording visits to the database, which leads to a SQL Injection vulnerability. CVE: CVE-2012-2718...
SA-CONTRIB-2012-088 - Mobile Tools - Cross Site Scripting (XSS)
Mobile Tools provides Drupal developers with some tools to assist in making a site mobile. The module contains several persistent cross site scripting XSS vulnerabilities due to the fact that it fails to sanitize user supplied values before display. CVE: CVE-2012-2717 Versions affected Mobile Too...
SA-CONTRIB-2012-084 - Search API - Cross Site Scripting (XSS)
CVE: CVE-2012-2712 This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently sanitize user input in some cases when throwing exceptions or logging errors. This enables attackers to insert arbitrary data into a page by...
SA-CONTRIB-2012-083 - Taxonomy List - Cross Site Scripting (XSS)
CVE: CVE-2012-2711 This module enables you to display the terms and optionally nodes under categories. The module doesn't sufficiently sanitize user supplied text in the taxonomy information. This vulnerability is mitigated by the fact that an attacker must have a role with permissions to create ...
SA-CONTRIB-2012-085 - BrowserID - Multiple Vulnerabilities
CSRF Issue: CVE: CVE-2012-2713 BrowserID login theft: CVE: CVE-2012-2714 The BrowserID module provides integration with BrowserID also known as Mozilla Persona -- a Mozilla project that lets users of your site quickly and easily log in without needing to remember a password specific to your site...
SA-CONTRIB-2012-081 - Aberdeen - Cross Site Scripting
CVE: CVE-2012-2907. The Aberdeen theme provides a configurable breadcrumb which is commonly used as an additional navigation tool for users. The theme outputs the breadcrumb, but does not provide sufficient filtering to prevent a Cross site scripting XSS attack. This vulnerability is mitigated by...
SA-CONTRIB-2012-076 - Ubercart Product Keys Access Bypass
CVE: CVE-2012-2702. This module enables you to sell product keys from an Ubercart store. Under certain circumstances, a user can view all unassigned product keys which could grant them access to the software circumventing the process of selling the key. Versions affected Ubercart Product Keys...
SA-CONTRIB-2012-078 - Smart Breadcrumb - Cross Site Scripting (XSS)
CVE: CVE-2012-2705. The function filtertitles incorrectly attempts to set a title to plain-text, but does not properly filter user supplied text. This vulnerability is mitigated by the fact that an attacker must have the permission to create or edit a node to exploit the issue. Versions affected...
SA-CONTRIB-2012-077 - Advertisement - Cross Site Scripting & Information Disclosure
XSS Issue: CVE: CVE-2012-2703. Access bypass: CVE: CVE-2012-2704 This module enables you to serve advertisements, define pools of ads and show certain ads on certain pages. The module could, under certain conditions, expose limited site configuration information and a debugging mode did not...
SA-CONTRIB-2012-080 - Hostmaster (Aegir) - Access Bypass and Cross Site Scripting (XSS)
Cross Site Scripting CVE: CVE-2012-2708. Hostmaster displays a log from tasks executed in Aegir's backend component, provision. In certain circumstances these log messages were not escaped properly before being displayed to the user. This vulnerability is mitigated by the fact that people wishing...
SA-CONTRIB-2012-082 - Zen - Cross Site Scripting
CVE: CVE-2012-2710. The Zen theme provides a configurable breadcrumb which is commonly used as an additional navigation tool for users. The theme outputs the breadcrumb, but does not provide sufficient filtering to prevent a Cross site scripting XSS attack. This vulnerability is mitigated by the...
SA-CONTRIB-2012-079 - Post Affiliate Pro - Cross Site Scripting (XSS) and Access Bypass - Unsupported
Update: this module has been fixed 2014-03-21. Please go to the project page and download the most current release. XSS: CVE: CVE-2012-2706 Access bypass: CVE: CVE-2012-3802 Post Affiliate Pro PAP is a module providing affiliate functionality for Ubercart and Post Affiliate Pro application. The modu...
SA-CONTRIB-2012-073 - Glossary - Cross-Site Scripting (XSS)
CVE: CVE-2012-2339 The glossary module scans posts for glossary terms, adding an indicator. By hovering over the indicator, users may learn the definition of that term. The module does not sufficiently sanitize the taxonomy information. This leaves sites vulnerable to Cross-Site Scripting attacks...
SA-CONTRIB-2012-075 - Take Control - Cross Site Request Forgery (CSRF)
CVE: CVE-2012-2341 This module enables you to manage your Drupal file-system from within Drupal itself. The module does not sufficiently validate Ajax calls, leading to the possibility of a Cross Site Request Forgery CSRF attack. This vulnerability is mitigated by the fact that the attacker must be ab...
SA-CONTRIB-2012-074 - Contact Forms - Access Bypass
CVE: CVE-2012-2340 This module expands the features of the site wide contact form. It eliminates the drop down category menu by generating a clean looking contact form without a drop down menu with a unique path for each of the contact form categories. The module allowed users to edit the Contact...
SA-CONTRIB-2012-072 - cctags - Cross Site Scripting (XSS)
CVE: CVE-2012-2310 This module enables you to create "tag clouds" with taxonomy terms displayed in different sizes depending on how frequently they are used on a site. The module doesn't sufficiently filter user supplied text leading to a Cross Site Scripting XSS vulnerability. This vulnerability...
SA-CORE-2012-002 - Drupal core multiple vulnerabilities
Denial of Service CVE: CVE-2012-1588 Drupal core's text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal's text matching was found to be inefficient with certain specially crafted...
SA-CONTRIB-2012-070 - Taxonomy Grid : Catalog - Cross Site Scripting (XSS) - Unsupported
CVE: CVE-2012-2308 This module provides a page where you can see each content type you've selected under terms from vocabularies you've selected. This module does not properly filter user supplied text, resulting in a Cross Site Scripting bug. This vulnerability is mitigated by the fact that an...
SA-CONTRIB-2012-068 - Node Gallery - Cross Site Request Forgery (CSRF) - Unsupported
CVE: CVE-2012-2305 Node gallery enables users to create a more flexible and powerful gallery that is fully integrated with Drupal's core node system. This module does not protect against a CSRF attack when creating node galleries. Versions affected 6.x-3.1 and before Drupal core is not affected. If you d...
SA-CONTRIB-2012-071 - Glossify - Cross Site Scripting (XSS) - Unsupported
CVE: CVE-2012-2309 This module automatically generates internal node to node, node to taxonomy or node to external URL crosslinks - ideal for SEO of your site's pages and partner pages. This module does not protect against a Cross Site Scripting XSS attack. The vulnerability is mitigated b...
SA-CONTRIB-2012-069 - Addressbook - Multiple vulnerabilities - Unsupported
This module contains a simple addressbook. The module has multiple issues including SQL Injection and Cross Site Request Forgery. For the SQL Injection issue - CVE: CVE-2012-2306 For the CSRF issue - CVE: CVE-2012-2307 Versions affected 6.x-4.2 and before Drupal core is not affected. If you do no...
SA-CONTRIB-2012-063 - RealName - Cross Site Scripting (XSS)
CVE: CVE-2012-2298 This module allows you to set a pattern for constructing "Real names" for users out of profile fields. The module does not sufficiently escape users' real names under certain circumstances which could lead to a Cross-Site Scripting XSS attack. Versions affected RealName 6.x-1.x...
SA-CONTRIB-2012-067 - Linkit - Access bypass
CVE: CVE-2012-2304 Linkit provides an easy interface for internal and external linking. Linkit links to nodes, users, managed files and terms, and has basic support for all entities by default, using an autocomplete field. When searching for entities, no access restrictions were added and users may s...