Filtered by vendor Drupal
Subscribe
Search
Total
709 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4829 | 3 Drupal, James Glasgow, John Vandervort | 3 Drupal, Autologout, Autologout | 2010-04-28 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1536 | 2 Drupal, Mearra | 2 Drupal, Addthis | 2010-04-27 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1530 | 2 Drupal, Reyero | 2 Drupal, I18n | 2010-04-27 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input. | |||||
| CVE-2010-1362 | 2 Ben Jeavons, Drupal | 2 Ownterm, Drupal | 2010-04-14 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page. | |||||
| CVE-2010-1358 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2010-04-14 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4602 | 1 Drupal | 2 Drupal, Randomizer | 2010-01-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4514 | 2 Astha Bhatnagar, Drupal | 2 Shindigintegrator, Drupal | 2010-01-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4515 | 2 Drupal, Speedtech | 2 Drupal, Storm | 2010-01-08 | 5.0 MEDIUM | N/A |
| The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors. | |||||
| CVE-2009-4517 | 2 Drupal, Nanwich | 2 Drupal, Faq Ask | 2010-01-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content. | |||||
| CVE-2009-4516 | 2 Drupal, Nanwich | 2 Drupal, Faq Ask | 2010-01-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4518 | 2 Drupal, Mark Burton | 2 Drupal, Insertnode | 2010-01-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node. | |||||
| CVE-2009-4520 | 2 Drupal, Kristof De Jaeger | 2 Drupal, Commentreference | 2010-01-06 | 5.0 MEDIUM | N/A |
| The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path. | |||||
| CVE-2009-4526 | 2 Drupal, Joao Ventura | 2 Drupal, Print | 2010-01-04 | 5.0 MEDIUM | N/A |
| The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form. | |||||
| CVE-2009-4534 | 2 Drupal, Nanwich | 2 Drupal, Faq Ask | 2010-01-04 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2009-4296 | 2 Brian Miller, Drupal | 2 Taxonomy Timer, Drupal | 2009-12-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4207 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2009-12-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission. | |||||
| CVE-2009-3921 | 2 Drupal, Ezra Barnett Gildesgame | 2 Drupal, Smartqueue Og | 2009-11-10 | 4.0 MEDIUM | N/A |
| The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages. | |||||
| CVE-2009-3784 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2009-10-27 | 6.8 MEDIUM | N/A |
| Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2009-3350 | 2 Drupal, Roshan Shah | 2 Drupal, Subdomain Manager | 2009-10-12 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors. | |||||
| CVE-2009-3568 | 3 Dave Reid, Drupal, Gabor Hojtsy | 3 Commentrss, Drupal, Commentrss | 2009-10-08 | 5.0 MEDIUM | N/A |
| Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed. | |||||
| CVE-2009-3479 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2009-10-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title. | |||||
| CVE-2009-3437 | 2 Drupal, Henriksjokvist | 2 Drupal, Markdown Preview | 2009-09-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input." | |||||
| CVE-2009-3353 | 2 Drupal, Steve Lockwood | 2 Drupal, Node2node | 2009-09-29 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors. | |||||
| CVE-2009-3352 | 2 Drupal, Roshan Shah | 2 Drupal, Quota By Role | 2009-09-25 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors. | |||||
| CVE-2009-3351 | 2 Drupal, Kristy Frey | 2 Drupal, Node Browser Module | 2009-09-24 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors. | |||||
| CVE-2009-3354 | 2 Andrew Sterling Hanenkamp, Drupal | 2 Rest Api Module, Drupal | 2009-09-24 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors. | |||||
| CVE-2009-3157 | 2 Drupal, Karen Stevenson | 2 Drupal, Calendar | 2009-09-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type. | |||||
| CVE-2009-2610 | 2 Drupal, Scott Courtney | 2 Drupal, Links Package | 2009-07-27 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field. | |||||
| CVE-2009-2373 | 1 Drupal | 1 Drupal | 2009-07-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-2371 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2009-07-08 | 6.5 MEDIUM | N/A |
| Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature. | |||||
| CVE-2009-2370 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2009-07-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-2291 | 2 Chad Phillips, Drupal | 2 Logintoboggan, Drupal | 2009-07-01 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2008-6835 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2009-06-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-6836 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2009-06-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors. | |||||
| CVE-2009-2076 | 1 Drupal | 2 Drupal, Views | 2009-06-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions. | |||||
| CVE-2009-2075 | 2 Angrydonuts, Drupal | 2 Nodequeue, Drupal | 2009-06-19 | 7.5 HIGH | N/A |
| Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors. | |||||
| CVE-2009-2077 | 2 Angrydonuts, Drupal | 2 Views, Drupal | 2009-06-19 | 4.0 MEDIUM | N/A |
| Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries. | |||||
| CVE-2009-2074 | 1 Drupal | 2 Drupal, Nodequeue | 2009-06-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names. | |||||
| CVE-2009-2083 | 2 Drupal, Mattias Hutterer | 2 Drupal, Taxonomy Manager | 2009-06-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms." | |||||
| CVE-2009-2078 | 2 Drupal, Heine.familiedeelstra | 2 Drupal, Booktree | 2009-06-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page. | |||||
| CVE-2009-2079 | 1 Drupal | 2 Drupal, Taxonomy Manager | 2009-06-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names. | |||||
| CVE-2009-2035 | 1 Drupal | 1 Services Module For Drupal | 2009-06-15 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based access is enabled, allows remote attackers to read or add keys and access unauthorized services via unspecified vectors. | |||||
| CVE-2009-1844 | 1 Drupal | 1 Drupal | 2009-06-08 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the "HTML exports of books" feature; and (2) allow remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via the help text of an arbitrary vocabulary. NOTE: vector 1 exists because of an incomplete fix for CVE-2009-1575. | |||||
| CVE-2009-1942 | 1 Drupal | 1 Quiz | 2009-06-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-1576 | 1 Drupal | 1 Drupal | 2009-05-20 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. NOTE: this vulnerability can be leveraged to conduct cross-site request forgery (CSRF) attacks. | |||||
| CVE-2009-1501 | 2 Drupal, Exif | 2 Drupal, Exif | 2009-05-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image. | |||||
| CVE-2009-1507 | 1 Drupal | 2 Drupal, Nodeaccess Userreference | 2009-05-13 | 7.5 HIGH | N/A |
| The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node. | |||||
| CVE-2009-1343 | 1 Drupal | 2 Drupal, Print | 2009-04-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles. | |||||
| CVE-2009-1344 | 1 Drupal | 2 Drupal, Localization Client | 2009-04-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality. | |||||
| CVE-2009-1342 | 1 Drupal | 2 Cck Comment Reference, Drupal | 2009-04-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form. | |||||