Total
725 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5545 | 2 Drupal, Rob Loach | 2 Drupal, Sharethis | 2025-04-11 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the "administer sharethis" permission to inject arbitrary web script or HTML via unspecified vectors related to "JavaScript settings." | |||||
| CVE-2009-4829 | 3 Drupal, James Glasgow, John Vandervort | 3 Drupal, Autologout, Autologout | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2310 | 2 Drupal, Oleg Kovalchuk | 2 Drupal, Cctags | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-4554 | 1 Drupal | 1 Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file. | |||||
| CVE-2014-1475 | 1 Drupal | 1 Drupal | 2025-04-11 | 7.5 HIGH | N/A |
| The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. | |||||
| CVE-2012-2907 | 2 Drupal, Ishmael Sanchez | 2 Drupal, Aberdeen | 2025-04-11 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. | |||||
| CVE-2012-4468 | 2 Drupal, Privatemsg Project | 2 Drupal, Privatemsg | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message. | |||||
| CVE-2012-5553 | 2 Daniel Honrade, Drupal | 2 Om Maximenu, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the (1) Menu Title (2) Link Title, (3) Path Query, (4) Anchor, or (5) vocabulary names. | |||||
| CVE-2012-2081 | 2 Drupal, Moshe Weitzman | 2 Drupal, Organic Groups | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module. | |||||
| CVE-2012-2070 | 2 Andrew Levine, Drupal | 2 Multiblock, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title. | |||||
| CVE-2012-4494 | 2 Drupal, Niif | 2 Drupal, Shibb Auth | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in. | |||||
| CVE-2012-6583 | 2 Drupal, Imagemenu Project | 2 Drupal, Imagemenu | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name. | |||||
| CVE-2012-2730 | 2 Alexis Wilke, Drupal | 2 Protected Node, Drupal | 2025-04-11 | 7.5 HIGH | N/A |
| The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2013-0227 | 2 Drupal, Mathijs Koenraadt | 2 Drupal, Search Api Sorts | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels. | |||||
| CVE-2012-1653 | 2 Collectivecolors, Drupal | 2 Taxonomy View Integrator Module, Drupal | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages." | |||||
| CVE-2012-4495 | 2 Drupal, Mime Mail Module Project | 2 Drupal, Mimemail | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments. | |||||
| CVE-2012-5569 | 3 Basic Webmail Project, Drupal, Jason Flatt | 3 Basic Webmail, Drupal, Basic Webmail | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message. | |||||
| CVE-2011-5189 | 2 Drupal, Svendecabooter | 2 Drupal, Webform Validation | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1631 | 2 Databasepublish, Drupal | 2 Admin\, Drupal | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and possibly other actions, via unspecified vectors. | |||||
| CVE-2010-2352 | 3 Drupal, Karen Stevenson, Yves Chedemois | 3 Drupal, Cck, Cck | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes. | |||||