Drupal EveryBlog Module Multiple Unspecified Vulnerabilities
The EveryBlog module for Drupal is prone to multiple vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these vulnerabilities may allow attackers to:
- Execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user.
- Manipulate the SQL query logic to carry out unauthorized actions on the underlying database.
- Gain access to sensitive areas of the application without the appropriate privileges.
Versions up to and including EveryBlog 2.0 are vulnerable.