SA-CONTRIB-2009-062 - Devel - Cross Site Scripting
The Devel module contains many useful developer functions, such as a query log and the display of variables. When using the variable editor, the module does not properly sanitize the output of the variable name before display, leading to a cross-site scripting XSS vulnerability. Such an attack ma...
SA-CONTRIB-2009-059 - OpenID - Multiple vulnerabilities
The contributed OpenID module for Drupal 5 allows users to create an account or log into a Drupal site using one or more OpenID identities. The module does not correctly implement Form API for the form that allows one to link user accounts with OpenID identifiers. A malicious user is therefore ab...
SA-CONTRIB-2009-058 - Comment RSS - Access bypass
The Comment RSS module provides RSS feeds for comments on individual nodes. The link to this feed contains the node's title. Adding the link to the RSS feed was not respecting access permissions, potentially exposing content not available otherwise. Versions affected Comment RSS for Drupal 5.x...
SA-CONTRIB-2009-057 - Date - Cross Site Scripting
The Date module provides a date CCK field that can be added to any content type. The Date module does not properly escape user data in some cases when setting the page title. A malicious user with permission to post date content could attempt a cross site scripting XSS attack when...
SA-CORE-2009-008 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. OpenID association cross site request forgeries The OpenID module in Drupal 6 allows users to create an account or log into a Drupal site using one or more OpenID identities. The core OpenID module does not correctly implement For...
SA-CONTRIB-2009-055 - BUEditor - Cross Site Scripting
The BUEditor module provides a plain textarea editor designed to facilitate code writing. The module suffers from a Cross Site Scripting XSS vulnerability, which allows an attacker to hijack the account of a logged in user by tricking them into visiting a seemingly innocent page using the Live...
SA-CONTRIB-2009-056 - Node2Node, Node Browser, Subdomain Manager, Quota by role, Rest API with vulnerabilities, now abandoned
Multiple vulnerabilities have been found in the following modules which have been abandoned. Their releases have been unpublished and it is recommended that they be disabled and un-installed if in use. Modules Node2Node Node Browser Subdomain Manager Quota by role Rest API Drupal core is not...
SA-CONTRIB-2009-053 - Ajax Table - Multiple vulnerabilities
The Ajax Table module allows one to create AJAX-refreshable tables by supplying a few parameters. Access bypass The module lacks access checks, which makes it possible for any user to delete arbitrary users and nodes. The module contains a number of security issues. Cross site scripting The modul...
SA-CONTRIB-2009-054 - Go - url redirects - Multiple vulnerabilities
The Go - url redirects gotwo module adds the option to add redirected URLs. This module was found to have multiple vulnerabilities. Arbitrary PHP code execution Due to improper use of the PCRE regular expression engine, users with permission to use the input filter provided by the module are able...
SA-CONTRIB-2009-051 - ImageCache - Multiple vulnerabilities
ImageCache allows one to set up presets for image processing to create derivatives. ImageCache will dynamically generate a derivative on access if it doesn't exist. Cross site scripting Users with the "administer imagecache" permission are able to execute cross site scripting attacks because the...
SA-CONTRIB-2009-052 - Printer, e-mail and PDF versions - Cross site scripting
The Printer, e-mail and PDF versions "Print" module provides printer-friendly versions of content. The module doesn't properly escape a number of user-supplied variables before output. A user who has the permission to add content could attempt a cross site scripting XSS attack which may in some...
SA-CONTRIB-2009-050 - Webform report - Cross site scripting
Webform report allows users to create simple, dynamic reports based on data collected by the webform module. When displaying the results of Webform submissions, the module does not properly escape user entered data, leading to a cross-site scripting XSS vulnerability. Versions affected Webform...
SA-CONTRIB-2009-046 - Date - Cross Site Scripting
The Date module provides a date CCK field that can be added to any content type. The Date Tools module that is bundled with Date module does not properly escape user input when displaying labels for fields on a content type. A malicious user with the 'use date tools' permission of the Date Tools...
SA-CONTRIB-2009-048 - Bibliography Module - Cross Site Scripting
The Bibliography module Biblio allows users to manage and display lists of scholarly publications. The module contains a cross site scripting vulnerability because it does not properly sanitize output of titles before display. A user who has the permission to create content displayed by the...
SA-CONTRIB-2009-049 - Live - Privilege escalation, Impersonation
The Live module provides dynamic previews of content. When editing certain content nodes, the current user becomes logged in as the content's original author. Versions affected Live for Drupal 6.x prior to 6.x-1.2 Drupal core is not affected. If you do not use the contributed Live module, there i...
SA-CONTRIB-2009-047 - Calendar - Cross Site Scripting
The Calendar module enables Views module to display any Date module date field as a calendar. The module does not properly escape user input when displaying titles of content types that have Date fields. A user with permission to create new content types including via the Date module's Date Tools...
SA-CONTRIB-2009-044 - Bubbletimer - Multiple vulnerabilities
Bubbletimer allows users to create timesheets based on nodes. It suffers from a cross-site scripting XSS vulnerability due to not properly sanitizing node titles before they are displayed. It is also vulnerable to cross-site request forgeries CSRF making it possible for users to unknowingly add...
SA-CONTRIB-2009-045 - Moderation - Cross Site Request Forgery
The Moderation module uses Ajax to provide a dynamic moderation queue for nodes and comments. The module is vulnerable to cross-site request forgeries CSRF via the AJAX hooks used to toggle the moderation bit. It allows a non-administrative user to trick an admin into publishing arbitrary moderat...
SA-CONTRIB-2009-042 - Submitted By - Cross Site Scripting
Submitted By is a module to let you control the format of the "Submitted by" information on your content per content type. This module does not properly escape user input used in building the string to display the "submitted by" text. Only administrators with the 'administer content types'...
SA-CONTRIB-2009-043 - Image Assist - Multiple vulnerabilities
The Image Assist module for Drupal 5.x and 6.x allows users to upload and insert inline images into posts. Two vulnerabilities and weaknesses were discovered in the contributed Image Assist module. Cross site scripting The node title is treated as if it was safe text, and is not escaped before...
SA-CONTRIB-2009-041 - Nodequeue - Access bypass
The Nodequeue module enables an administrator to arbitrarily put nodes in a group with an arbitrary order for any purpose, such as providing a listing of nodes or featuring a particular node. On the queue administration screen, users with permission to manipulate a queue are presented with an...
SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. Cross-site scripting The Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML an...
SA-CONTRIB-2009-040 - Advanced Forum - Multiple vulnerabilities
Cross-site scripting The Advanced Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML and script code into forum pages. Such a cross-site scriptin...
SA-CONTRIB-2009-039 - Links Package - Cross Site Scripting
The Links Package is a multi-module set for managing URL links in a master directory, and attaching them in various ways to your content pages. The Links Related module of the Links Package does not properly escape user input used as the title on certain pages. A user with privileges to create...
SA-CONTRIB-2009-037 - Views - Multiple vulnerabilities
The Views module provides a flexible method for Drupal site designers to control how lists of content are presented. In the Views UI administrative interface when configuring exposed filters, user input presented as possible exposed filters is not correctly filtered, potentially allowing maliciou...
SA-CONTRIB-2009-038 - Nodequeue - Multiple vulnerabilities
The Nodequeue module enables an administrator to arbitrarily put nodes in a group for some purpose, such as providing a listing of nodes or featuring a particular node. It suffers from a cross-site scripting XSS vulnerability due to not properly sanitizing vocabulary names before they are...
SA-CONTRIB-2009-035 - Booktree - Cross site scripting
Booktree takes as input a series of Book nodes and creates a tree-like structure using Book node relationships. The Booktree module does not properly escape node title and node body on tree root pages. A user with privileges to create book pages could attempt a cross site scripting XSS attack which...
SA-CONTRIB-2009-034 - Taxonomy manager - Cross site scripting
The Taxonomy manager module provides additional tools for administering taxonomy through Drupal. A vocabulary gets displayed in a dynamic tree view, where parent terms can be expanded to list their nested child terms or can be collapsed. The module does not properly escape some user-supplied data...
SA-CONTRIB-2009-036 - Services - Impersonation
The Services module provides integration of external applications with Drupal. Service callbacks may be used with multiple interfaces like XMLRPC, SOAP, REST, AMF. When key based access is enabled any user may view or add keys, allowing a third party to access services they would not otherwise be...
SA-CONTRIB-2009-032 - Webform - Cross-site scripting
The Webform module provides a node type which is typically used to enable site visitors to fill in questionnaires, contact or request/registration forms, surveys, polls, or other forms on a Drupal site. When displaying the results of Webform submissions, the module does not properly filter user...
SA-CONTRIB-2009-033 - Quiz - Cross site scripting
The Quiz module provides tools for authoring and administering quizzes through Drupal. A quiz is given as a series of questions, with only one question appearing per page. Scores are then stored in the database. The module does not properly escape user-supplied data on some pages, allowing...
SA-CONTRIB-2009-031 - Ajax Session - Multiple vulnerabilities
The Ajax session module allows users to set PHP session variables using AJAX. The module does not make proper use of the Drupal API, leaving it open to multiple vulnerabilities, including Cross Site Request Forgeries CSRF and Cross Site Scripting XSS. Versions affected Ajax Session 5.x-1.0 Drupal...
SA-CONTRIB-2009-029 - Views Bulk Operations - Access Bypass
Views Bulk operations allows registered procedures called actions to be applied on a result set of Drupal nodes, returned by the Views module. Through the Views Bulk Operations interface, it is possible to let users who are not authorized to update specific nodes or classes of nodes, to still app...
SA-CONTRIB-2009-030 - Email Verification - Information disclosure / Cross Site Scripting
The Email Verification module tries to verify user email addresses by talking to the appropriate SMTP host. It also allows the administrator to access a list of not confirmed email addresses. In the Drupal 5 version, this list is only protected by the "access content" permission, hence allowing a...
SA-CONTRIB-2009-027 - Printer, e-mail and PDF versions - Cross-site scripting
When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are valid in the UTF-...
SA-CONTRIB-2009-026 - LoginToboggan - Access bypass
LoginToboggan includes a setting which, if enabled, allows users to log in using either their username or e-mail address. In some circumstances, previously blocked users may still be able to access the site if this setting is enabled. Versions affected LoginToboggan 6.x-1.x prior to 6.x-1.5...
SA-CONTRIB-2009-028 - Feed Block - Cross Site Scripting
The Feed Block module creates a block with one external syndicated article for each feed source from the selected feed category. Feed Block doesn't properly escape aggregator items, allowing users with the "administer news feeds" permission to inject arbitrary code into the site. Such a cross site scripting...
SA-CORE-2009-006 - Drupal core - Cross site scripting
When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are valid in the UTF-...
SA-CORE-2009-005 - Drupal core - Cross site scripting
When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are valid in the UTF-...
SA-CONTRIB-2009-025 - Fivestar - Cross-site request forgery
The Fivestar module provides a voting widget for content and records votes using Ajax. The URL used by the javascript to register votes is vulnerable to cross-site request forgeries CSRF making it possible for users to unknowingly vote for content. Versions affected Fivestar 5.x-1.x prior to...
SA-CONTRIB-2009-022 - Exif - Cross Site Scripting
The Exif module enables users to display EXIF tags in images on the site. EXIF tags are not properly filtered for HTML input, allowing users with permission to upload images to inject arbitrary code into the site using a specially crafted image. Such a cross site scripting XSS attack may lead to ...
SA-CONTRIB-2009-024 - Node Access User Reference - Access Bypass
Node Access User Reference enables administrators to automatically grant node access view, update, or delete to a node where the user is referenced by CCK user reference. When such a field is saved with an empty value, Node Access User Reference mistakes this for a reference to the anonymous user...
SA-CONTRIB-2009-023 - News Page - SQL injection
The News Page module provides a node content type which displays feed items from an aggregator category, filtered by keywords entered into the 'Include Words' field of the node. Unfortunately the News Page module uses keywords directly in SQL queries without being sanitized, allowing SQL injectio...
SA-CONTRIB-2009-021 - CCK comment reference - Cross site scripting
The CCK comment reference project lets administrators define node fields that are references to comments. When displaying a node edit form, the titles of candidate referenced comments are not properly filtered, allowing malicious users to inject arbitrary code on those pages. Such a cross site...
SA-CONTRIB-2009-020 - Print - Cross site scripting
The Printer, e-mail and PDF versions "Print" module provides printer-friendly versions of content. The module does not correctly escape content titles, enabling malicious users to insert arbitrary HTML and scripts into certain pages. Such a cross site scripting XSS attack against sufficiently...
SA-CONTRIB-2009-019 - Localization client - Cross site scripting
The Localization client module allows you to translate the interface of your Drupal site from within each page as you go. When displaying translatable strings and their completed translations, the module does not escape the data. If used to translate the Drupal core interface, this is not a...
SA-CONTRIB-2009-018 - Feed element mapper - Cross site scripting
Feed element mapper is an Add-on module for FeedAPI that maps elements on a feed item such as tags or the author name to taxonomy or CCK fields. These mappings are configurable by point and click. The module does not escape content titles enabling malicious users to insert arbitrary HTML and...
SA-CONTRIB-2009-016 - Wikitools - Cross site scripting
The Wikitools module provides several options to get a more wiki-like behavior for Drupal. On several pages, the Wikitools module prints out a parameter without escaping it. Malicious users are thus able to execute a cross site scripting XSS attack when they entice users to visit a specifically...
SA-CONTRIB-2009-017 - Vote Up/Down - Cross-site request forgery
The Vote Up/Down module provides a voting widget for content that records votes using Ajax. The URL for voting is vulnerable to cross-site request forgeries CSRF making it possible for users to unknowingly vote for content. Versions affected Vote Up/Down 5.x-1.x prior to 5.x-1.1 Vote Up/Down...
SA-CONTRIB-2009-015 - Tokenauth - Access bypass
The Token authentication module allows access to RSS feeds via a token without having to provide your username and password to the site. Token authentication did not properly use the Drupal Form API which would allow a malicious user to learn the site administrator's token giving them the ability...