2 matches found
CVE-2008-2850
CVE-2008-2850 describes a SQL injection in the TrailScout module for Drupal (5.x before 5.x-1.4). The vulnerability arises because the module does not sanitize user input in the session cookie before using it in database queries, enabling remote attackers to manipulate queries and potentially dis...
CVE-2008-2849
CVE-2008-2849 affects the Drupal TrailScout module (5.x) prior to 5.x-1.4. The issue is a Cross-site Scripting (XSS) vulnerability that can be triggered by remote authenticated users with create post permissions, enabling insertion of arbitrary web script or HTML via unspecified vectors. The sour...