drupal.org

SA-CONTRIB-2015-076 - Image Title - Cross Site Scripting (XSS)

Advisory ID: DRUPAL-SA-CONTRIB-2015-076
Project: Image Title (third-party module)
Version: 7.x
Date: 2015-March-11
Security risk: 14/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Description

Image Title module allows you to upload an image and use it as a node title. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross...

frogheart.ca

Experimental and theoretical physics agree (maybe) on microbial nanowires

Until seeing a March 4, 2015 news item on Nanowerk I had no idea there was a hot and heavy debate between experimental and theoretical physicists concerning microbial nanowires: Scientific debate has been hot lately about whether microbial nanowires, the specialized electrical pili of the mud-dwelling anaerobic bacterium Geobacter sulfurreducens, truly possess metallic-like conductivity as its discoverers claim. But now University of...

drupal.org

SA-CONTRIB-2015-075 - Perfecto - Open Redirect

Advisory ID: DRUPAL-SA-CONTRIB-2015-075
Project: Perfecto (third-party module)
Version: 7.x
Date: 2015-March-11
Security risk: 10/25 (Moderately Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Open Redirect

Description

The Perfecto module allows themers to accurately calibrate the CSS by floating compositions over the page. The module doesn't sufficiently check user supplied URLs in parameters used for page...