SA-CONTRIB-2010-043: Wordfilter - Cross Site Scripting
The Wordfilter module implements an input filter that rewrites content to remove improper or foul language. Wordfilter does not sanitize the list of words that are filtered along with their replacements, allowing users with permissions to manage the list of banned words to insert arbitrary HTML a...
SA-CONTRIB-2010-042: LoginToboggan - Session fixation
The LoginToboggan module provides a customized login workflow. Attackers may be able to exploit the workflow to initiate a session fixation attack. Versions affected: LoginToboggan versions for the 5.x and 6.x versions of Drupal. Drupal core is not affected. If you do not use the contributed...
SA-CONTRIB-2010-040: FileField - Access Bypass
FileField provides a file upload field for CCK, allowing files to be attached to a node. FileField intends to set a default extension of "txt" for all new fields, but may actually save an empty string allowing all extensions if an administrator does not save the field configuration page after...
SA-CONTRIB-2010-039: CCK TableField - Cross Site Scripting
The CCK TableField module provides a generic method to attach tabular data to a node. CCK TableField does not sanitize table headers before output, allowing anyone with permissions to create or edit a node containing one or more TableField fields to insert arbitrary HTML and script code. Such a...
SA-CONTRIB-2010-041: ImageField - Access Bypass
ImageField provides a file upload field for CCK, allowing files to be attached to a node. ImageField intends to set a default extension of "png jpg gif" for all new fields, but may actually save an empty string allowing all of the "png jpg gif" extensions if an administrator does not save the fie...
SA-CONTRIB-2010-038 - Privatemsg - Access bypass
The Privatemsg module allows users to send private messages to one another. Additionally, the sub-module Privatemsg Email Notification sends an e-mail notification when such a message is sent. The page to configure the template for these e-mails does not use the correct access permission, which allows all...
SA-CONTRIB-2010-037 - Decisions - Access bypass
Decisions is a replacement for poll.module and provides advanced voting systems and decision-making tools. It aims to enable groups to make decisions online in a manner that replicates and augments what is possible in face-to-face meetings. In some listings, the Decisions module does not construct...
SA-CONTRIB-2010-034 - Internationalization - Cross Site Scripting
The Internationalization module enables translation of user defined strings using Drupal's locale interface. Some of these user defined strings have Input formats associated with them and some of the strings used for translating blocks were not properly filtered before display. Additionally all...
SA-CONTRIB-2010-035: Smileys - Cross Site Request Forgery
The Smileys module provides a text filter that substitutes emoticons with images. The module is vulnerable to cross-site request forgery (CSRF) via the URL used to delete smileys. A user with "administer smileys" permission could be tricked into visiting the smiley delete URL and unwittingly remo...
SA-CONTRIB-2010-036 - Views - multiple vulnerabilities
The Views module provides a flexible method for Drupal site designers to control how lists of content are presented. Views accepts parameters in the URL and uses them in an AJAX callback. The values were not filtered, thus allowing injection of JavaScript code via the AJAX response. A user tricke...
SA-CONTRIB-2010-032 - Taxonomy Breadcrumb - Cross Site Scripting (XSS)
The Taxonomy Breadcrumb module generates taxonomy based breadcrumbs on node pages and taxonomy/term pages. This module does not properly sanitize taxonomy term names and, for 6.x, node titles when displayed in breadcrumbs, leading to a Cross Site Scripting (XSS) vulnerability. XSS vulnerabilities ma...
SA-CONTRIB-2010-033 - Taxonomy Filter - Cross Site Scripting (XSS)
The Taxonomy Filter module enables users to filter node listings by multiple taxonomy terms across multiple vocabularies. Vocabulary names, terms, and filter menus are not sanitized, creating a Cross Site Scripting (XSS) vulnerability. Exploiting this vulnerability would allow a malicious user to...
SA-CONTRIB-2010-030: Mime Mail - Arbitrary code execution
The Mime Mail module is a helper module providing support for MIME mails, for use by other modules. Due to improper use of the PCRE regular expression engine, users with the ability to send HTML email with the Mime Mail module were able to execute arbitrary PHP code on the server. Versions...
SA-CONTRIB-2010-031 - Menu Block - Cross Site Scripting (XSS)
The Menu Block module generates full or partial menu trees that are presented in configurable blocks. When partial menu trees are displayed, the block title uses the text from the partial menu tree's parent menu item. However, that text is not properly sanitized, leading to a Cross Site Scripting...
SA-CONTRIB-2010-028 - Tag Order - Cross Site Scripting
Tag Order module allows you to select vocabularies whose terms you would like to preserve in the original order entered per node. Taxonomy vocabulary names are not sanitized when being displayed on an administrative page, leading to a cross-site scripting (XSS) vulnerability. Such an attack may lea...
SA-CONTRIB-2010-027: Email Input Filter - Arbitrary code execution
Email Input Filter converts email style markup into a web friendly format. An arbitrary code execution vulnerability in this module allows a remote attacker with the ability to create content using an input format with the email input filter enabled to execute arbitrary PHP code on an affected system...
SA-CONTRIB-2010-029: Keys - Cross-site Request Forgery
The Keys module provides management of various API keys. The module is vulnerable to cross-site request forgery (CSRF) via the keys delete form. This would allow a malicious user to trick an admin with the "administer keys" permission into deleting keys by directing them to the URL via link or...
SA-CONTRIB-2010-026 - Monthly Archive by Node Type - Access Bypass
The Monthly Archive by Node Type module generates monthly archive pages and a block with links to the pages. You can specify the node types that will be included in the archive pages. In some summary listings, the Monthly Archive by Node Type module does not construct its SQL query to respect nod...
SA-CONTRIB-2010-025 - TinyMCE - Cross Site Scripting (XSS)
The TinyMCE module provides a "WYSIWYG" tool for entering rich text into various parts of a site. The TinyMCE module displayed text entered by an admin without filtering that text, leading to a Cross Site Scripting (XSS) vulnerability. XSS vulnerabilities may expose site administrative accounts whic...
SA-CORE-2010-001 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. Installation cross site scripting: A user-supplied value is directly output during installation, allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites not yet...
SA-CONTRIB-2010-021 - AddThis Button - Cross Site Scripting
The AddThis module provides an easy way to share content to over 230 supported services such as Facebook, Email and Twitter. The module did not sanitize some user-supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability. Only users with the 'administer addthis'...
SA-CONTRIB-2010-024 - eTracker - Cross Site Scripting
The eTracker module provides integration of a Drupal site with the eTracker web traffic analysis service and takes the current URL as a parameter to track what pages have been visited. The URL from the browser is forwarded to JavaScript in the current page, and because the URL wasn't sanitised, i...
SA-CONTRIB-2010-022 - Internationalization - Arbitrary code execution
The Internationalization module enables translation of user defined strings using Drupal's locale interface. Some of these user defined strings have Input formats associated with them. As translators can translate texts before they go through the Input filters, using some filters like the PHP...
SA-CONTRIB-2010-023 - Workflow - Cross Site Scripting
When used in combination with the Token module, the Workflow module does not escape the text entered into the Comment field of the workflow fieldset on the node form. This allows a user with the permission to change the workflow state of a node to perform a Cross Site Scripting (XSS) attack if a...
SA-CONTRIB-2010-019 - Weekly Archive by Node Type - Access Bypass
The Weekly Archive by Node Type module generates weekly archive pages and a block with links to the pages. You can specify the node types that will be included in the archive pages. In weekly summaries listings, the Weekly Archive by Node Type module does not construct its SQL query to respect no...
SA-CONTRIB-2010-020 - Facebook-style Statuses (Microblog) - Access bypass
The Facebook-style Statuses (Microblog) module enables each user to have a stream of messages ("statuses") like on Facebook. Users can update their own status as well as write messages to other users by visiting the other user's profile. When a user updates his own status and then updates it again...
SA-CONTRIB-2010-018 - Content Distribution - Multiple Vulnerabilities
Content Distribution module allows calling a method to delete particular nodes using an XML-RPC call. When this method is allowed to be called by anonymous users in user permissions, an attacker might delete a random node. In addition, certain actions require Content Distribution to temporarily...
SA-CONTRIB-2010-017 - iTweak Upload - Cross Site Scripting
iTweak Upload does not escape file names when displaying uploaded files. This allows a malicious user with the permission to create content and upload files to perform a Cross Site Scripting (XSS) attack. Versions affected: iTweak Upload 6.x-2.x prior to 6.x-2.3; iTweak Upload 6.x-1.x prior to 6.x-1....
SA-CONTRIB-2010-016 - Graphviz Filter - arbitrary code execution
Graphviz Filter does not properly filter user input via the @command option in the node body, leading to a possible Arbitrary Shell Code Execution vulnerability. This vulnerability allows a remote attacker with the ability to create content using a Graphviz input filter to execute arbitrary shell code...
SA-CONTRIB-2010-015 - Signwriter - Arbitrary code execution
The Signwriter module allows the use of TrueType fonts to replace text in headings, blocks, menus and filtered text. This vulnerability allows a remote attacker with the ability to create content using an input filter created with a Signwriter profile to execute arbitrary PHP code on an affected...
SA-CONTRIB-2010-014 - Node Export - Arbitrary code execution
The Node export module allows users to export and import nodes. Node export does not warn administrators that users with the "access administration pages" permission together with the "import nodes" permission can execute arbitrary PHP statements during the import operation. Versions affected Nod...
SA-CONTRIB-2010-013 - Menu Breadcrumb - Cross site scripting
The Menu Breadcrumb module allows the menu that the current page belongs to to be used as the breadcrumb. The module does not properly sanitize parts of the provided block, leading to a cross-site scripting (XSS) vulnerability. Such an attack may lead to a malicious user gaining full administrative access...
SA-CONTRIB-2010-012 - ODF Import - Access Bypass (possible Cross Site Scripting)
ODF Import module enables users of a Drupal site to import content created in the ODF format (e.g. using OpenOffice.org). When importing content it always used an input format which might not be available to the user importing the content, leading to a cross-site scripting (XSS) vulnerability. Such an...
SA-CONTRIB-2010-011 - Feedback - Cross Site Scripting
Feedback module enables users and visitors of a Drupal site to quickly send feedback messages about the currently displayed page. When displaying reports about submitted feedback, the module does not properly sanitize the user agent strings from the Browscap module before display, leading to a...
SA-CONTRIB-2010-010 - Author Contact - Cross site scripting
The Author Contact module provides a form to contact the author of the current post. The module does not properly sanitize parts of the provided block, leading to a cross-site scripting (XSS) vulnerability. Such an attack may lead to a malicious user gaining full administrative access. A user must...
SA-CONTRIB-2010-007 - Control Panel - Cross Site Scripting
The Control Panel module enables users to add a new graphical control panel page. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability. Only users with the 'administer blocks' permission are able to exploit this...
SA-CONTRIB-2010-008 - Recent Comments - Cross Site Scripting
Recent Comments module provides a high-performance, fully themable block of recent comments. This release includes a fix for a cross-site scripting (XSS) vulnerability in which JavaScript could be inserted in the title of the Recent Comments block via a custom block title interface. This custom tit...
SA-CONTRIB-2010-009 - Block Class - Cross Site Scripting
Block Class module allows users to add classes to any block through the block's configuration interface. This release includes a fix for a cross-site scripting (XSS) vulnerability through which JavaScript could be inserted in the class field of a block's configuration interface. Versions affected...
SA-CONTRIB-2010-006 - Bibliography Module - Cross Site Scripting
The Bibliography module enables users to manage and display lists of scholarly publications. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability. Only users with the 'administer biblio' permission are able to exploi...
SA-CONTRIB-2010-005 - Own Term - Cross site scripting
The Own Term module allows users to create taxonomy terms in a designated vocabulary; when creating content, this term is automatically added to the node. The module does not sanitize the term description on a term listing page, which opens a cross-site scripting (XSS) attack. Users with a role...
SA-CONTRIB-2010-004 - Node block - Cross site scripting
This module allows you to specify content types as being a block. This allows the content managers of the site to edit the block text and title without having to access the block administration page. Users only need edit access to that node in order to edit it. Users with administer block access...
SA-CONTRIB-2010-003 - Forward - Cross site scripting
This module allows users to forward a link to a specific node on your site to a friend. The Forward module does not properly sanitize user supplied data, allowing users with the "access administration pages" and "administer forward" permissions, or users with "access administration pages" and...
SA-CONTRIB-2010-002 - Currency Exchange - Cross site scripting
This module provides a site with the ability to display currency exchange rates. The module does not sanitize some of the user-supplied data before logging it to the watchdog, leading to a cross-site scripting (XSS) vulnerability. Versions affected: Currency Exchange versions prior to 6.x-1.2. Drupal...
SA-CONTRIB-2010-001 - Wunderbar - Cross Site Scripting
The Wunderbar! module provides a floating bar with configurable buttons and the ability to link off to social networking sites. The module does not properly escape user names, potentially allowing a cross site scripting (XSS) attack which may lead to the user gaining full administrative access. The...
SA-CONTRIB-2009-115 - Autocomplete Widgets for CCK Text and Number - Information Disclosure
Autocomplete Widgets module adds two autocomplete widgets for CCK fields of type Text and Number. The autocomplete callback implemented by this module does not honor permissions to access CCK fields, allowing users to see field values even though they are not authorized to access that information...
SA-CONTRIB-2009-113 - FAQ - Cross Site Scripting
The Frequently Asked Questions (faq) module allows users, with the appropriate permissions, to create question and answer pairs which are displayed on the 'faq' page, and in the random and recent FAQ blocks. The module does not sanitize some of the user-supplied data before displaying it, leading t...
SA-CONTRIB-2009-114 - Automated Logout - Cross Site Scripting
This module provides a site administrator the ability to log users out after a specified time of inactivity. The module does not sanitize some of the user-supplied data before displaying it, leading to a cross-site scripting (XSS) vulnerability. Users who can take advantage of this vulnerability...
SA-CORE-2009-009 - Drupal Core - Cross site scripting
Multiple vulnerabilities were discovered in Drupal. Contact category name cross-site scripting: The Contact module does not correctly handle certain user input when displaying category information. Users privileged to create contact categories can insert arbitrary HTML and script code into the...
SA-CONTRIB-2009-112 - Sections - Cross Site Scripting
The Sections module allows the creation of sections within a site. Each section has an installed template, theme or style attached to it. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability. Users who can take...
SA-CONTRIB-2009-111 - Randomizer - Cross Site Scripting
The Randomizer module assists researchers and students who want an easy way to perform random sampling or assign participants to experimental conditions. It accepts form input as parameters for generating a pseudo-random list of numbers. The module does not sanitize some of the user-supplied data...