UC PayDutchGroup / WeDeal payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances allowing a malicious user to login to the PayDutchGroup site as the store owner and manage the store owner's account. The vulnerability is mitigated by an attacker needing to gain an account with the ability to checkout of the store. Multisite Search allows you to index and search content from all sites in a Multisite configuration. The module doesn't sufficiently escape user input when constructing queries. The vulnerability is mitigated by the fact that in order to execute arbitrary sql injection malicious users must have the ability to administer multisite search.
821d0c201eeac6fac0f5db639e8b855cdeb11ae6a13a35cc6a819fb54a37c7ce
The Drupal Data module 6.x-1.x versions prior to 6.x-1.0 suffer from a cross site scripting vulnerability.
70f531879deaaf37ddbaa94bb6cc139601124e7c2ba8a519650348b97938972d
Drupal version 6.22 with Finder version 6.x-1.9 suffers from code execution and cross site scripting vulnerabilities.
bc5bc7291e47cd928211933f2d494e8136c2644c4d6690eaa62b5d3f085f4987
Drupal version 6.22 with SuperCron version 6.x-1.3 suffers from a cross site scripting vulnerability.
8a89f2d6aafb86f8a2a868799cba22ec0847d46793c38a7e65f20270b976c80e
Drupal version 6.20 with String Overrides version 6.x-1.8 and Drupal version 5.21 with String Overrides version 5.x-1.8 suffer from a cross site scripting vulnerability.
4886ee54f2d7167744489a6e50bdf6359d0772cfb3bb6eedc3e6b62a29164bf5
AeroMail version 2.80 suffers from cross site request forgery and cross site scripting vulnerabilities.
7d8348ae426db7749bce33b433bb0507a0f5501f057b7a688857e2ebaf601f48
Drupal version 6.20 with Webform 6.x-2.10, Drupal version 7.0 with Webform 7.x-3.9, and Drupal with Webform 5.x-2.10 suffer from a cross site scripting vulnerability.
86969780e0c29c50c061717a7410ebf22550a712b72b091795725d2c804bfc1d
The Cisco Linksys Wireless G Broadband Router WRT54G with firmware version 4.21.1 suffers from a cross site scripting vulnerability.
33023e6063d14ffdaada37d384498349e1d019e88d22a6bd58eef458b22376b7
Drupal version 6.20 with Data version 6.x-1.0-alpha14 suffers from cross site scripting and remote SQL injection vulnerabilities.
46eef7ea59d38b661e543d3aaba60f8b3839c80236b4b0afc2de402f2b8e5e30
The Drupal Panels module suffers from a cross site scripting vulnerability.
aa5cfc88566f07e1009870ca9ea3e273c1b7bbcae3e506c69c86ba57bfc6bf5b
The Drupal Custom Pagers module suffers from a cross site scripting vulnerability.
cab16e3ac4743cefc8da1868c35b89ad4f17bc21940d4376a82f748a39ce0426
Drupal 6.19 with Embedded Media Field 6.x-1.25 and CCK 6.x-2.8 suffers from a remote shell upload vulnerability.
e48961e06a533cdacb83ae8fbdad0975b4725257cfb9d09b3c3f24ddff09fb8a
Drupal 6.19 with Embedded Media Field 6.x-1.25 and CCK 6.x-2.8 suffers from a cross site scripting vulnerability.
3e4fc930adc768a98c38cadb8899485067256c5adccd77f043a3393b44404281
Drupal 6.19 with Embedded Media Field 6.x-1.25 and CCK 6.x-2.8 suffers from a cross site scripting vulnerability.
942aa53253a2fea2261b05afd7ad82385ca049ed6118c536ad6802209f62795c
e107 version 0.7.22 suffers from cross site request forgery and cross site scripting vulnerabilities.
18d87a1b6633c7641658c0f1c3580accf0a28d401bcf0ac63de69bd33dc3896f
Drupal version 6.16 with OG Menu version 6.x-2.0 suffers from a cross site scripting vulnerability.
90ba50652c68e07d46bed384d999ee9ffe0b6ebe74a4d3578bb1841d6fd8f9fa
NuralStorm Webmail version 0.985b suffers from cross site scripting, disclosure and shell upload vulnerabilities.
87b1b77abb1761e2c38189b3ae0aea0e15431e70b50b65cbf6474919342c5afc
Drupal FileField version 6.x-3.3 suffers from an arbitrary script injection vulnerability.
195ac8bf25a0d707e3dc03d63a39790bd60056ef575e948ce4d41f1c34ef8240
Drupal version 6.16 with Ctools version 6.x-1.3 suffers from php code execution and cross site request forgery vulnerabilities.
02708ebc4a7031d1ab08b6893f5465c38bd939d369d6a4680693dddb7adbde18
Drupal version 6.16 with Context 6.x-2.0-rc3 suffers from a cross site scripting vulnerability.
60da3e51c76210519e7e81f11c5f70fbb360bdfc9c1cc11b08f832b7508a79c7
Task Freak version 0.6.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c2e4cad3acc7ebac98343078acf155f038484525fd60cc340c10109c9c504e8f
Drupal version 6.16 with Better Formats version 6.x-1.2 suffers from a cross site scripting vulnerability.
1583fef88d5e7e8ecd74daf3c557126159e3862b4dccc8a9f398f8ce70f7be62
Drupal 6.15 with Twitter module version 6.x-2.6 suffers from a clear text credential storage vulnerability.
f184fe692d1293ed78a1fa021abafba9d09c38eb50ed2aebbfb5e19fb19a59bd
dotProject version 2.1.3 suffers from a cross site scripting vulnerability.
6a41f1c88b87339033dbbb43f92739c1f8be8e37050efa0cdbb345277320d5eb
Magento Community Edition version 1.3.2.43 suffers from cross site scripting vulnerabilities.
dbd525978d8ace31114ca6b8b08a0aa779f3c2209c1480624da0447ea6beeb0f