|
269151
|
- |
|
webform_matrix_component_project
|
webform_matrix_component
|
Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5494
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269152
|
- |
|
entityform_block_project
|
entityform_block
|
The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityform…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5493
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269153
|
- |
|
video_consultation_project
|
video_consultation
|
Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-5492
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269154
|
- |
|
dynamic_display_block_project
|
dynamic_display_block
|
The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddb…
|
CWE-200
Information Exposure
|
CVE-2015-5491
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269155
|
- |
|
views_project
|
views
|
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attack…
|
CWE-200
Information Exposure
|
CVE-2015-5490
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269156
|
- |
|
smart_trim_project
|
smart_trim
|
Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML v…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5489
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269157
|
- |
|
thinkshout
|
mailchimp
|
Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" …
|
CWE-79
Cross-site Scripting
|
CVE-2015-5488
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269158
|
- |
|
techsmith
|
camtasia_relay
|
Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" p…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5487
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269159
|
- |
|
dev4press
|
gd_bbpress_attachments
|
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab…
|
CWE-22
Path Traversal
|
CVE-2015-5482
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269160
|
- |
|
dev4press
|
gd_bbpress_attachments
|
Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab p…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5481
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
