- Drupal Core is prone to a form action attribute injection vulnerability because it fails to properly verify user-supplied input. An attacker may leverage this issue to redirect Drupal form submissions to a third-party site under his control, thus gaining access to sensitive information such as e-mail addresses and possible other private profile data. Drupal Core versions 4.6.x ranging from 4.6.0 and up to and including 4.6.9 are vulnerable.
- Update to Drupal Core version 4.6.10 or latest
- WordPress Plugin WooCommerce PHP Object Injection (3.1.0)
- WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2)
- Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.10)
- WordPress Plugin Product Catalog Arbitrary File Upload (3.8.6)
- WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.27)