Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-5r66-vgc7-2mm3: Drupal Formatter Suite Vulnerable to Cross-Site Scripting (XSS) via Link Element Attributes

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Formatter Suite allows Cross-Site Scripting (XSS).This issue affects Formatter Suite: from 0.0.0 before 2.1.0.

ghsa
Open in Source
#xss#vulnerability#web#auth
GHSA-36vv-q5jv-94cj: Drupal Google Tag Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Google Tag allows Cross-Site Scripting (XSS). This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8.

GHSA-qchr-8m24-7v66: Drupal Google Tag Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery. This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8.

GHSA-gf72-h4cp-wcm4: Drupal Open Social Missing Authorization vulnerability

Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.

GHSA-jwpx-6c4p-q4jq: Drupal Authenticator Login Missing Authorization vulnerability

Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing. This issue affects Authenticator Login: from 0.0.0 before 2.0.6.

GHSA-vx9m-rfxq-gr74: Drupal AI Vulnerable to OS Command Injection

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.

GHSA-jv6r-mj9p-9xff: Drupal General Data Protection Regulation Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery. This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2.

GHSA-rhxm-r44m-4325: Drupal Ignition Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting (XSS). This issue affects Ignition Error Pages: from 0.0.0 before 1.0.4.

GHSA-8r2q-865v-wm8j: Drupal SpamSpan Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SpamSpan filter allows Cross-Site Scripting (XSS). This issue affects SpamSpan filter: from 0.0.0 before 3.2.1.

GHSA-qq45-cqhg-jwx5: Drupal Configuration Split Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery. This issue affects Configuration Split: from 0.0.0 before 1.10.0, from 2.0.0 before 2.0.2.