SA-CONTRIB-2012-016 - Forward module CSRF and Access bypass
The Forward module enables you to add a "forward this page" link to each node. The link takes regular site visitors to a form where they can generate an email to a friend. The module exhibits multiple vulnerabilities as described below. The module includes "Recent forwards" and "Most forwarded"...
SA-CONTRIB-2012-013 - Search Autocomplete - SQL Injection
CVE: CVE-2012-1638 The Search Autocomplete module allows you to add autocomplete functionality to the search fields of a Drupal site. Search Autocomplete does not properly use Drupal's database API, making it possible for a malicious user to carry out SQL injection on the site. This vulnerability ...
SA-CONTRIB-2012-014 - Drupal Commerce - Cross Site Scripting (XSS)
CVE: CVE-2012-1639 Drupal Commerce is a flexible eCommerce framework built on Drupal 7 that lets you construct any type of eCommerce website. Part of its flexibility lies in its ability to render product fields into node displays through the product reference field used to build dynamic Add to Ca...
SA-CONTRIB-2012-015 - Managesite - Cross Site Scripting (XSS)
CVE: CVE-2012-1640 This module provides a way to build a control panel similar to the one provided by Drupal 7 on the admin zone /admin. The module doesn't sufficiently filter user supplied text in the administration settings. This vulnerability is mitigated by the fact that an attacker must have...
SA-CONTRIB-2012-011 - Panels - Cross Site Scripting (XSS)
CVE: CVE-2012-0914 The Panels module allows a site administrator to create customized layouts for multiple uses. The module doesn't sufficiently sanitize administrator supplied data. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer pane...
SA-CONTRIB-2012-009 - Revisioning - Access bypass
CVE: CVE-2012-1635 This module enables you to create moderation publication workflows, allowing authors to create content that isn't visible to the public until it has been approved by a moderator/publisher. The module's implementation of hook_node_access() assumes that access is to be granted/denied...
SA-CONTRIB-2012-012 - Quicktabs - Cross Site Scripting (XSS)
CVE: CVE-2012-1637 The Quick Tabs module allows users to create blocks of tabbed content, specifying a title for the block and the individual tabs. Quick Tabs does not do sufficient filtering of user supplied text which presents a cross site scripting vulnerability. This vulnerability is mitigate...
SA-CONTRIB-2012-010 - stickynote - Multiple vulnerabilities
CVE: CVE-2012-1636 This module enables you to add textual notes in a block to perform quality assurance of your site. Previously it did not sufficiently protect against Cross Site Scripting (XSS) or Cross Site Request Forgery (CSRF). This vulnerability is mitigated by the fact that an attacker must...
SA-CONTRIB-2013-004 - Live CSS - Arbitrary Code Execution
This module enables you to save CSS and LESS files on the server via your browser. The module doesn't check that the file being saved isn't a script or executable. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer CSS". CVE identifiers...
SA-CONTRIB-2012-004 - Date - SQL injection
CVE: CVE-2012-1626 This module enables you to add and administer date fields to nodes. It includes Date Tools, that allows users to convert nodes created with the Event module into Date fields. The conversion form for Events is vulnerable to SQL injection. This vulnerability is mitigated by the...
SA-CONTRIB-2012-005 - Vote up/down - Cross Site Scripting
CVE: CVE-2012-1627 This module enables you to add voting widgets to nodes, terms and comments. The vud_term sub-module doesn't sufficiently sanitize taxonomy terms before display. In order to execute arbitrary script injection malicious users must have the ability to create or edit taxonomy terms...
SA-CONTRIB-2012-006 - XSS and CSRF in Multiple Modules - Supercron, Taxotouch, Admin:hover, Taxonomy Navigator no longer supported
CVE: CVE-2012-1628 SuperCron is a complete replacement for Drupal's built-in Cron functionality. The module is vulnerable to Cross Site Scripting. The vulnerability is mitigated by an attacker needing to gain an account with "access administration pages" permission. CVE: CVE-2012-1629 Taxotouch...
SA-CONTRIB-2012-008 - Video Filter - Cross Site Scripting
CVE: CVE-2012-1634 The Video Filter module lets you display videos from various third party sources. When videos from Blip.tv are shown, the module fails to sanitize source data before display. This vulnerability is mitigated by the fact that the attacker has to be able to either control the sour...
SA-CONTRIB-2012-007 - Password Policy - Multiple vulnerabilities
This module enables you to specify a certain level of password complexity (a.k.a. "password hardening") for user passwords on a system by defining a policy. Cross Site Request Forgery (CSRF) - CVE: CVE-2012-1633 Unblocking a user does not require sufficient confirmation by administrative users and can be...
SA-CONTRIB-2012-001 - Registration Codes - Access bypass
CVE: CVE-2012-1623 The Registration Codes module enables site administrators to restrict registration for new accounts to only users who provide a valid registration code. The default module installation provides no access check for the registration code list, leading to a vulnerability that allo...
SA-CONTRIB-2012-002 - Lingotek - Cross Site Scripting
CVE: CVE-2012-1624 This module enables you to translate a website's content using tools provided by the Lingotek Collaborative Translation Network. The module doesn't sufficiently sanitize user input when creating or editing page content. This allows a malicious content editor to potentially inpu...
SA-CONTRIB-2012-003 - Fill PDF - Multiple vulnerabilities
CVE: CVE-2012-1625 This module enables you to populate fillable PDF templates with data from nodes and webforms. Access bypass (7.x only): Incorrectly ordered arguments in a call to the function that handles the main functionality of the module make it possible for an attacker to trigger any PDF to...
SA-CONTRIB-2011-059 - Meta tags quick - Cross Site Scripting (XSS)
The Meta tags quick module provides a simple tool to add meta tags to a site. The module doesn't consistently filter user input which could lead to a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...
SA-CONTRIB-2011-056 - Webform Validation Cross Site Scripting
The Webform Validation module enables you to add form validation rules to Webform components through a UI. The module contains multiple cross site scripting (XSS) vulnerabilities due to the fact that it fails to sanitize certain user entered text prior to displaying it in the browser. This vulnerabili...
SA-CONTRIB-2011-057 - Support Ticketing System - Cross Site Scripting (XSS)
The Support Ticketing System module provides a basic ticketing system and helpdesk that is native to Drupal, offering complete email integration. The module does not properly sanitize user-supplied content, resulting in multiple Cross-Site Scripting (XSS) vulnerabilities. This vulnerability is...
SA-CONTRIB-2011-058 - Support Timer - Cross Site Scripting (XSS)
The Support Timer module adds a JavaScript-based timer to the Support Ticketing System for tracking how long users are working on support tickets, as well as administrative reports. The module does not properly sanitize user-supplied content, resulting in multiple Cross-Site Scripting (XSS)...
SA-CONTRIB-2011-053 - Quiz - Cross Site Scripting
The Quiz module allows the creation and taking of tests that are scored either automatically or manually by a teacher. The module contains several cross site scripting (XSS) vulnerabilities that can be exploited when quizzes are being created. These vulnerabilities are mitigated by the fact that an...
SA-CONTRIB-2011-055 - Webform CiviCRM Integration - Multiple vulnerabilities
The Webform CiviCRM Integration module extends the functionality of the Webform Module to link form submissions with a CiviCRM database. Version 2.0 of the module added form validation based on CiviCRM data type. A flaw in the implementation of this feature caused other validation handlers to fai...
SA-CONTRIB-2011-054 - CKEditor - Access bypass
The CKEditor module allows Drupal to replace textarea fields with the CKEditor, a visual HTML editor, sometimes called a WYSIWYG editor. The module doesn't protect private files appropriately. Private files can be downloaded by anyone able to guess their URL. CVE identifiers issued: CVE-2011-4972...
SA-CONTRIB-2011-051 - Hotblocks module - multiple vulnerabilities
The HotBlocks module provides a rich experience for managing blocks. The module contained multiple vulnerabilities including Cross Site Scripting (XSS), Access Bypass, and Cross Site Request Forgery (CSRF). XSS is mitigated by the fact that an attacker must have a role with the permission "administer...
SA-CONTRIB-2011-052 - Views - SQL Injection
The Views module enables you to list content in your site in various ways. The module doesn't sufficiently escape database parameters for certain filters/arguments on certain types of views with specific configurations of arguments. Versions affected: Views 6.x-2.x versions prior to 6.x-2.13, Drupa...
SA-CONTRIB-2011-050 - Organic groups - Access bypass
Organic groups (OG) enables users to create and manage their own 'groups'. Each group can have subscribers, and maintains a group home page where subscribers communicate amongst themselves. OG has an API function to check access to an entity which is in a group "context". When the entity isn't in a...
SA-CONTRIB-2011-049 - Cumulus - Cross Site Scripting (XSS)
The Cumulus module allows you to display your site's tags using a 3D Flash animation. The module ships with a Flash file (cumulus.swf) that contains a cross site scripting (XSS) vulnerability that can be exploited when a user is made to view a specially crafted URL. If the user is logged in to an...
SA-CONTRIB-2011-048 - Certificate Login SQL Injection
The Certificate login module provides client certificate authentication of Drupal users. The authentication is based on the client certificate's data fields, which are then used as the user name for authentication. The obtained data isn't properly sanitized using Drupal's database API, which may...
SA-CONTRIB-2011-045 - Rate module Cross Site Scripting
The Rate module provides flexible rate widgets. These widgets are refreshed via AJAX after voting. The AJAX callback does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert...
SA-CONTRIB-2011-046 - Echo - Multiple Vulnerabilities
The Echo module generates a fully-themed Drupal page, returning the rendered page as a text string and allowing other modules to style an HTML message as if it had been generated by the live website. The module does not properly sanitize user-supplied content, resulting in a Cross-Site Scripting...
SA-CONTRIB-2011-047 - OG Features access bypass
OG Features provides a mechanism for groups to enable or disable certain bundles of functionality, or features, within the groups they administer. The module is able to turn components on and off within given groups by overriding the access callbacks of every menu item, and checking conditions...
SA-CONTRIB-2011-044 - Homebox for Organic Groups Cross Site Scripting
Homebox allows site administrators to create dashboards for their users, using blocks as widgets. Blocks in a Homebox page are resizeable, and reorderable by dragging. Homebox OG is a submodule of Homebox which allows Organic Groups administrators to specify a Homebox to be used as the group...
SA-CONTRIB-2011-043 - Petition Node - Cross Site Scripting
The Petition node module allows the creation of petition nodes to collect signatures to show support for a cause. The module contains a cross site scripting (XSS) vulnerability that can be exploited when signing a petition. This vulnerability is mitigated by the fact that it normally requires the 'sign...
SA-CONTRIB-2011-042 - Views Bulk Operations - Cross Site Scripting
The Views Bulk Operations (VBO) module allows actions and rules to be run on the selected views rows (nodes, terms, users, etc.). It also bundles several convenient actions. One of those actions allows the bulk modification of taxonomy terms on a node. When using the "Modify node taxonomy terms" action...
SA-CONTRIB-2011-041 - Hostmaster (Aegir) - Cross Site Scripting
Hostmaster (Aegir) provides a system for managing Drupal sites. The theme in Hostmaster, Eldir, does not sanitize the custom body classes correctly, leading to a cross site scripting (XSS) vulnerability that can be exploited when a user is made to view a specially crafted URL. If the user is logged in...
SA-CONTRIB-2011-040 - Author Pane - Access bypass
The Author Pane module provides information about users on a site. This module has integration with several other modules including the user locations of the Location module. If you enabled display of user locations the Author Pane module may have shown user locations to site visitors who did not...
SA-CONTRIB-2011-037 - Node Invite - Cross Site Scripting
The Node Invite module allows you to invite users, with existing accounts or otherwise, to specified nodes on a Drupal site. This module does not properly use t() strings to ensure all text was sanitized when data was output through a form_set_error() message, thus creating a Cross Site Scripting (XSS)...
SA-CONTRIB-2011-038 - Taxonomy Views Integrator - Cross Site Scripting
This module enables you to override whole vocabularies or individual terms with the View of your choice. The module did not filter user entered term descriptions for Cross Site Scripting (XSS) injections. This vulnerability is mitigated by the fact that an attacker must have a role with the...
SA-CONTRIB-2011-039 - Bot Alarm - Multiple vulnerabilities
This module enables you to set alarms for your IRC bot. The module does not properly escape the message and channels of alarms in pages listing the alarms, leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...
SA-CONTRIB-2011-036 - Addresses - Cross Site Scripting
This module enables you to link your users and content to physical addresses. The module doesn't sufficiently filter output when displaying an address. This vulnerability is mitigated by the fact that the module doesn't use the single line display by default; an administrator has to enable that...
SA-CONTRIB-2011-035 - Forward module - Open redirect
The Forward module enables you to add a "forward this page" link to each node. The link takes regular site visitors to a form where they can generate an email to a friend. The module doesn't check to ensure that the page being forwarded refers to an internal path. This could allow someone to hard...
SA-CONTRIB-2011-033 - iWebkit - Cross Site Scripting
iWebKit is a web toolkit designed to create iPhone and iPod touch compatible websites and webapps. iWebkit does not properly sanitize menu links when displayed, allowing a malicious user to embed scripts in menu items, thus creating a cross site scripting (XSS) vulnerability that may lead to an...
SA-CONTRIB-2011-032 - Mail Logger - Cross Site Scripting
The Mail Logger module logs all outgoing e-mails and allows users with the "access mail logger" permission to view logged e-mails. The module does not sanitize the log output of addressee information, subject, and body, leading to a Cross-Site Scripting (XSS) vulnerability that may lead to a...
SA-CONTRIB-2011-034 - Display Suite - Cross Site Scripting
Display Suite allows you to take full control over how your content is displayed using a drag and drop interface. Arrange your nodes, views, comments, user data etc. the way you want without having to work your way through dozens of template files. In certain situations, Display Suite does not...
SA-CORE-2011-003 - Drupal core - Access bypass
CVE: CVE-2011-2726 Access bypass in private file fields on comments. Drupal 7 contains two new features: the ability to attach File upload fields to any entity type in the system and the ability to point individual File upload fields to the private file directory. If a Drupal site is using these...
SA-CONTRIB-2011-029 - Taxonomy Filter - Cross Site Scripting
The Taxonomy Filter module enables users to filter taxonomy listings to find content tagged by multiple terms. Older versions of the module were susceptible to a Cross Site Scripting (XSS) attack by way of vocabulary names. The vulnerability was mitigated by the fact that an attacker must have a ro...
SA-CONTRIB-2011-030 - Devel - Cross Site Request Forgery
The Devel module is designed as a tool to accelerate Drupal software development. One of its features enables a highly permissioned developer to quickly switch to another user's account, without providing credentials. The module is vulnerable to Cross Site Request Forgery (CSRF) via the links and...
SA-CONTRIB-2011-031 - SunMailer - Access bypass
SunMailer Newsletter creates an email newsletter that users can subscribe to. The module includes a page where authenticated users can view and/or edit their newsletter subscription. Access to this page was accidentally granted to anonymous users, creating an access bypass that disclosed all user...
SA-CONTRIB-2011-027 - Facebook Share - Cross Site Scripting (XSS)
This module enables Drupal site administrators to add a Facebook Share button to selected content type nodes. The module doesn't sufficiently check the override text or button size input fields on the module configuration form to prevent against an XSS exploit. This vulnerability is mitigated by...