2 matches found
CVE-2008-5999
CVE-2008-5999: In Drupal’s Ajax Checklist module (5.x) versions before 5.x-1.1, a cross-site scripting (XSS) vulnerability exists. Remote authenticated users with create/edit permissions for posts can inject arbitrary script/HTML via the ajax_checklist filter. Affected component is the Drupal Aja...
CVE-2008-5998
CVE-2008-5998 describes multiple SQL injection vulnerabilities in the Ajax Checklist module for Drupal (5.x before 5.x-1.1). The flaws allow remote authenticated users, with the update ajax checklists permission, to execute arbitrary SQL commands via a save operation, with the vulnerability tied ...