SA-CONTRIB-2011-028 - Simple Clean - Cross Site Scripting
Simple Clean is a simple and stripped clean theme for Drupal. The theme contains a cross site scripting XSS vulnerability that can be exploited when posting comments. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "post comments". Versions affect...
SA-CONTRIB-2011-026 - Secure Password Hashes (phpass) - Multiple Vulnerabilities
This module uses the PHPass hashing library to try to store users' hashed passwords securely. The module sets a fixed string for the 'pass' column in the users database table but does not replace the pass attribute of the account object used for password reset links. This leads to a vulnerability...
SA-CORE-2011-002 - Drupal core - Access bypass
CVE: CVE-2011-2687 Access bypass in node listings Listings showing nodes but not JOINing the node table show all nodes regardless of restrictions imposed by the nodeaccess system. In core, this affects the taxonomy and the forum subsystem. This issue only affects sites using a node access module...
SA-CONTRIB-2011-025 - Juitter & Download Count - Cross Site Scripting (XSS)
Two modules are being unsupported due to cross site scripting issues. The Juitter module enables you to use Juitter, a jQuery plugin, to put live Twitter search results on your site. The Juitter module contains a cross site scripting XSS vulnerability that can be exploited when setting up the...
SA-CONTRIB-2011-022 - Cosign - SQL Injection
Under certain conditions the module deletes uid 1 and then does an unparameterized db_query to insert a new uid 1. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer site configuration" and must be able to remotely manipulate the web serve...
SA-CONTRIB-2011-023 - Prepopulate - Multiple vulnerabilities
The Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST variable. The module does not adequately validate user input, leading to a cross-site scripting XSS possibility in certain circumstances. Users privileged to use forms with certain form fields can insert arbitrary HT...
SA-CONTRIB-2011-024 - Spam - Cross Site Request Forgery (CSRF)
The Spam module provides numerous tools to auto-detect and deal with spam content that is posted to your site, without having to rely on third-party services. The Spam module provides a trainable Bayesian filter, automatic learning of spammer URLs, flagging of content with an excessive number of...
SA-CORE-2011-001 - Drupal core - Multiple vulnerabilities
CVE: CVE-2011-2687 Multiple vulnerabilities and weaknesses were discovered in Drupal. Reflected cross site scripting vulnerability in error handler A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a...
SA-CONTRIB-2011-021 - Webform - Multiple Vulnerabilities
Webform module enables you to create custom webform or survey nodes. These nodes typically may be created either by editorial teams or administrators. Webform does not sufficiently check directory access when a user configures an upload field. This may allow a user to upload malicious files to th...
SA-CONTRIB-2011-020 - Taxonomy Access Control Lite (tac_lite) - Cross Site Scripting
The tac_lite module allows site administrators to hide nodes and taxonomy terms from users without permission to view them. The permission to view terms can be granted to a specific user, or all users with a specific role. The module doesn't sufficiently strip markup when rendering taxonomy names,...
SA-CONTRIB-2011-019 - Menu Access - Cross Site Scripting
The Menu Access module provides global, menu specific, and per menu item security permissions by role and user account. The Menu Access module contains a cross site scripting XSS vulnerability that can be exploited when a specially formatted menu description is viewed. This could result in...
SA-CONTRIB-2011-018 - Node Reference URL Widget - Cross Site Scripting
The Node Reference URL Widget module adds a new widget to the Node Reference field type, allowing node reference fields to be auto-populated based on a value from the URL. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS...
SA-CONTRIB-2011-017 - Save Draft - Validation Bypass
The Save Draft module adds a "Save as draft" button to the node form, letting content creators easily save a post in unpublished draft form. The module adds validation to individual form actions, thereby bypassing any form-wide validation that is normally performed before saving content. This is ...
SA-CONTRIB-2011-016 - Node Quick Find - Information Disclosure
The Node Quick Find module provides a block to quickly access nodes by title via an auto-completing text field. The module does not use db_rewrite_sql when generating the list of node titles, allowing users to see the titles of nodes to which they may not have access. Access to the node itself is n...
SA-CONTRIB-2011-015 - Translation Management - Multiple Vulnerabilities
This Translation Management module helps to manage the process of translating content on your site. The module has several vulnerabilities. It doesn't sufficiently escape user text when printed to the browser nor when used in database queries resulting in Cross Site Scripting XSS and SQL Injectio...
SA-CONTRIB-2011-014 - Webform Block - Cross Site Scripting
The Webform Block module enables users to make a webform available as a block. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability that may lead to a malicious user gaining full administrative access. The...
SA-CONTRIB-2011-013 - Tagadelic - Cross Site Scripting (XSS)
Tagadelic module offers various ways to display terms and vocabularies in a tag cloud on a page or in a block. The module does not sanitize the taxonomy vocabulary names and descriptions when displayed on listing pages or blocks, leading to a Cross-Site Scripting XSS vulnerability that may lead t...
SA-CONTRIB-2011-012 - Spaces - Access bypass
The Spaces module makes sitewide configuration options available to be overridden by individual "spaces" on a Drupal site. Spaces provides a Views module access plugin that does not properly check its permission setting which may allow underprivileged users to visit certain pages. This...
SA-CONTRIB-2011-011 - Secure Pages - Open redirect
The Secure Pages module allows administrators to choose certain URLs that must be delivered over HTTPS. An open redirection bug allows an attacker to formulate a URL in a way that redirects the user to an arbitrarily provided URL. Versions affected Secure Pages module for Drupal 6.x versions prio...
SA-CONTRIB-2011-010 - Messaging - Cross Site Scripting
The Messaging module is a framework to allow message sending in a channel-independent way. It provides a common API for message composition and sending while allowing plug-ins for multiple messaging methods. The module does not sanitize some of the user-supplied data before displaying it, leading...
SA-CONTRIB-2011-008 - Chatroom - Cross Site Scripting (XSS) and Cross Site Request Forgery
The Chatroom module provides real-time chat capabilities to Drupal. Vulnerability: Cross Site Scripting The module does not properly escape the contents of chat messages in pages listing the chats contained in a chatroom, leading to a Cross Site Scripting XSS vulnerability. Any user with permissi...
SA-CONTRIB-2011-004 - Multiple Vulnerabilities In Multiple Contributed Modules
Versions affected and proposed solutions OG Forum for Drupal 6.x OG Forum creates a forum per organic group and restricts viewing forum nodes by group membership. OG Forum does not properly implement access controls on private forums it creates, which can lead to a private group's forums becoming...
SA-CONTRIB-2011-007 - Userpoints Cross Site Scripting
The Userpoints module allows users to gain points through specific actions like contributing content. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability that may lead to a malicious user gaining full administrative...
SA-CONTRIB-2011-005 - AES encryption - Information disclosure
Due to a piece of code used for debugging mistakenly left in the release, the plain text password of the user who last logged in is written to a text file in the Drupal root directory. This file is remotely accessible, thus an attacker with the knowledge of which user last logged in may access th...
SA-CONTRIB-2011-006 - Flag Page - Cross Site Scripting (XSS)
The contributed flag page module provides an additional flag type to allow you to flag pages so you can bookmark any URL on your site including views, panels, administration pages or site contact page. The module does not sanitize the flag titles when displayed in blocks, leading to a Cross-Site...
SA-CONTRIB-2011-009 - Droptor - SQL Injection
The Droptor module connects a Drupal site to Droptor.com, a Drupal monitoring and management solution. When capturing memory logging information the module does not filter the value input from the current page request variable. This vulnerability can be exploited to perform an SQL Injection attac...
SA-CONTRIB-2011-003 - Janrain Engage (RPX) - Multiple Vulnerabilities
RPX, recently renamed Janrain Engage, is a service that acts as a middleman between a site and external login providers like Facebook, Yahoo, WindowsLive, etc. As part of this functionality it offers the ability to take a user's avatar on these services and download it for use as the user's profile...
SA-CONTRIB-2011-002 - Panels - Cross Site Scripting (XSS)
The Panels module allows a site administrator to create customized layouts for multiple uses. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability that may lead to a malicious user gaining full administrative access...
SA-CONTRIB-2011-001 - Webform - SQL Injection
The contributed webform module provides a webform node type. Typical uses for webform are to create questionnaires, contact or request/register forms, surveys, polls or a front end to issue tracking systems. The module does not properly use the database API, leading to an SQL Injection...
SA-CONTRIB-2010-112 - oEmbed - Access Bypass
The oEmbed module allows a Drupal site to embed content from oEmbed-providers as well as for a site to become an oEmbed-provider itself so that other oEmbed-enabled websites can embed its content. If an external site requested to embed a node, the oEmbed provider did not check node access,...
SA-CONTRIB-2010-113 - Image - Cross Site Scripting
The Image module project contains supplemental modules, one of which, Image gallery, allows users to create and maintain galleries of image nodes using taxonomy terms. The Image gallery module does not sanitize some user-supplied data before displaying it, leading to a Cross Site Scripting XSS...
SA-CONTRIB-2010-111 - Views - Cross Site Scripting
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. Under certain circumstances, Views could display parts of the page path without escaping, resulting in a reflected Cross Site Scripting XSS vulnerability. An attacker cou...
SA-CONTRIB-2010-110 - Drupal For Firebug - Cross-site Request Forgery
The Drupal For Firebug module allows developers to use Firebug to get debugging information about their Drupal installation. The module does not properly protect the form used to submit PHP code against Cross-site Request Forgeries CSRF, allowing a malicious user to trick an authorized user into...
SA-CONTRIB-2010-109 - Embedded Media Field, Media: Video Flotsam, Media: Audio Flotsam - Multiple Vulnerabilities
1 - Arbitrary File Upload/Code Execution Vulnerability The Embedded Thumbnail module packaged with the project allows users who upload videos to upload their own thumbnails to replace The Drupal Embedded Media Field module. Unfortunately, the Embedded Thumbnail Module contains a vulnerability tha...
SA-CONTRIB-2010-108 - Who Bought What|Ubercart - Multiple Vulnerabilities
The Who Bought What module collects and displays relevant information about purchases, including purchaser name, quantity, payment status, and all attributes. The module does not properly sanitize arguments passed via the URL when used in SQL queries, leading to an SQL Injection vulnerability...
SA-CONTRIB-2010-106 - Comment Edited - Cross Site Scripting
The Comment Edited module displays a customizable message at the bottom of a comment when it has been edited. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability that may lead to a malicious user gaining full...
SA-CONTRIB-2010-107 - Services - Access bypass
The Services module allows users to expose Drupal functionality to remote users. Services provides the ability for users to update nodes contained in a Drupal install via the Services API. When using the node.save service it is possible for a user to supply a specifically crafted node or...
SA-CONTRIB-2010-105 - Outline Designer - Cross Site Request Forgery
Outline Designer allows for easier creation and management of items in a Book. The Outline Designer module does not properly protect some of its paths against Cross Site Request Forgeries CSRF, allowing an attacker to get a user with the permission to administer site configuration to change any...
SA-CONTRIB-2010-104 - Relevant Content - Information Disclosure
The Relevant Content module provides a block and CCK field which contain links to other nodes on the site which are considered "relevant" to the current nodes based on number of shared taxonomy terms. The Relevant Content module does not implement node access logic properly, resulting in the...
SA-CONTRIB-2010-102 - Category tokens - Cross Site Scripting
The Category tokens module exposes additional tokens for the first and last terms related to a node for each vocabulary. The module does not sanitize the vocabulary names when displayed in token help, leading to a Cross-Site Scripting XSS vulnerability that may lead to a malicious user gaining fu...
SA-CONTRIB-2010-103 - Node Relativity - Multiple vulnerabilities
The Node Relativity module allows parent-child relationships between nodes to be established, managed and searched. The Node Relativity module does not sanitize some of the user supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability which can be used by a maliciou...
SA-CONTRIB-2010-101 - Watcher - Multiple Vulnerabilities
The Watcher module lets users subscribe to nodes so they receive email notifications when comments are posted or nodes are changed. The Watcher module did not sanitize some of the user supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability which can be used by a...
SA-CONTRIB-2010-100 - Ubuntu Drupal Theme - Directory traversal and information disclosure
This Ubuntu Drupal Theme - Brown is designed to mimic the old ubuntu.com. The theme used a PHP file to generate a gradient image on the fly. User input from the URL is not properly validated in this PHP code, leading to a directory traversal vulnerability where the contents of any file readable b...
SA-CONTRIB-2010-099 - Views Bulk Operations - Access Bypass
Views Bulk Operations augments Views by allowing bulk operations to be executed on the nodes and users displayed by a view. It does so by showing a checkbox in front of each item, and adding a select box containing operations that can be applied on the selected items. In some circumstances, a...
SA-CONTRIB-2010-098 - Memcache - Multiple vulnerabilities
The Memcache project provides an alternative cache backend which works with the memcached program to speed up high-traffic sites. The memcache backend caches the current $user object a little too aggressively, which can lead to a role change not being recognized until the user logs in again. The...
SA-CONTRIB-2010-097 - Imagemenu - Multiple vulnerabilities
The Imagemenu module allows users to create and maintain image based menus. The Drupal 5 branch of this module contains a Cross Site Request Forgery CSRF vulnerability which could allow a malicious user to trick an administrator into unintentionally enabling or disabling menu items provided by th...
SA-CONTRIB-2010-094 - Embedded Media Field - Access bypass
The Embedded Media Field project is a set of modules that enable editors to post URLs and embed codes for third-party media providers such as YouTube, Vimeo, or Flickr, which will be automatically parsed and displayed using preset formatters. The Embedded Video Field module packaged with the...
SA-CONTRIB-2010-095 - Lightbox2 - Multiple Vulnerabilities
The Lightbox2 module enables images to be overlaid on the current page using JavaScript. The module displays images above the page instead of within it, freeing the page design from layout constraints and keeping users on the same page. The module does not sanitize some of the user supplied data...
SA-CONTRIB-2010-096 - Domain access - Multiple Vulnerabilities
The Domain Access module suite allows users to maintain content shared across multiple domains running from a single Drupal installation. In several instances, the module does not sanitize the user-supplied domain name before displaying it, leading to a Cross-Site Scripting XSS vulnerability that...
SA-CONTRIB-2010-093 - Advanced Taxonomy Blocks - Multiple Vulnerabilities
Advanced Taxonomy Blocks makes use of the jQuery menu module to create extremely customizable blocks for browsing through single-hierarchy taxonomies. The module contained Cross Site Scripting vulnerabilities which could allow a malicious user with one of several non-default permissions to inject...