Filtered by vendor Drupal
Subscribe
Total
857 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6583 | 2 Drupal, Imagemenu Project | 2 Drupal, Imagemenu | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name. | |||||
| CVE-2012-2730 | 2 Alexis Wilke, Drupal | 2 Protected Node, Drupal | 2025-04-11 | 7.5 HIGH | N/A |
| The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2013-0227 | 2 Drupal, Mathijs Koenraadt | 2 Drupal, Search Api Sorts | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels. | |||||
| CVE-2012-1653 | 2 Collectivecolors, Drupal | 2 Taxonomy View Integrator Module, Drupal | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages." | |||||
| CVE-2012-4495 | 2 Drupal, Mime Mail Module Project | 2 Drupal, Mimemail | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments. | |||||
| CVE-2012-5569 | 3 Basic Webmail Project, Drupal, Jason Flatt | 3 Basic Webmail, Drupal, Basic Webmail | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message. | |||||
| CVE-2011-5189 | 2 Drupal, Svendecabooter | 2 Drupal, Webform Validation | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1631 | 2 Databasepublish, Drupal | 2 Admin\, Drupal | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and possibly other actions, via unspecified vectors. | |||||
| CVE-2010-2352 | 3 Drupal, Karen Stevenson, Yves Chedemois | 3 Drupal, Cck, Cck | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes. | |||||
| CVE-2010-1358 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2707 | 2 Antoine Beaupre, Drupal | 2 Hostmaster, Drupal | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes. | |||||
| CVE-2012-4479 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4813 | 2 Category Tokens Project, Drupal | 2 Category Tokens, Drupal | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help. | |||||
| CVE-2012-3800 | 2 Drupal, Moshe Weitzman | 2 Drupal, Organic Groups | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title. | |||||
| CVE-2011-1662 | 2 Drupal, Icanlocalize | 2 Drupal, Translation Management | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5544 | 2 Drupal, Thinkshout | 2 Drupal, Mandrill | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard. | |||||
| CVE-2012-5537 | 2 Drupal, Simplenews Scheduler Project | 2 Drupal, Simplenews Scheduler | 2025-04-11 | 6.0 MEDIUM | N/A |
| The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron. | |||||
| CVE-2012-6582 | 2 Drupal, Spambot Module Project | 2 Drupal, Spambot | 2025-04-11 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the watchdog. | |||||
| CVE-2013-1778 | 2 Devsaran, Drupal | 2 Creative, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. | |||||
| CVE-2013-4139 | 2 Drupal, Stage File Proxy Project | 2 Drupal, Stage File Proxy | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests. | |||||