Filtered by vendor Drupal
Subscribe
Total
834 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4475 | 2 Drupal, Security Questions Project | 2 Drupal, Security Questions | 2024-02-28 | 5.0 MEDIUM | N/A |
The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and answers via unspecified vectors. | |||||
CVE-2012-2117 | 2 Drupal, Yaniv Aran-shamir | 2 Drupal, Gigya | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-4500 | 2 Drupal, Nancy Wichmann | 2 Drupal, Announcements | 2024-02-28 | 3.5 LOW | N/A |
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact. | |||||
CVE-2012-2302 | 2 Drupal, Nancy Wichmann | 2 Drupal, Sitedoc | 2024-02-28 | 5.0 MEDIUM | N/A |
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2013-1905 | 2 Catalin Florian Radut, Drupal | 2 Zeropoint, Drupal | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-1626 | 2 Drupal, Karen Stevenson | 2 Drupal, Date | 2024-02-28 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2012-1590 | 1 Drupal | 1 Drupal | 2024-02-28 | 4.0 MEDIUM | N/A |
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page. | |||||
CVE-2012-4495 | 2 Drupal, Mime Mail Module Project | 2 Drupal, Mimemail | 2024-02-28 | 4.0 MEDIUM | N/A |
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments. | |||||
CVE-2013-4445 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2024-02-28 | 4.9 MEDIUM | N/A |
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access. | |||||
CVE-2012-1632 | 2 Drupal, Erik Webb | 2 Drupal, Password Policy | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter. | |||||
CVE-2012-2066 | 2 Ckeditor, Drupal | 3 Ckeditor, Fckeditor, Drupal | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2057 | 2 Drupal, Miura | 2 Drupal, Ubercart Bulk Stock Updater | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors related to formAPI. | |||||
CVE-2012-1652 | 3 Drupal, Wim Leers, Wimleers | 3 Drupal, Hierarchical Select, Hierarchical Select | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text." | |||||
CVE-2012-2720 | 2 Adam Ross, Drupal | 2 Tokenauth, Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. | |||||
CVE-2012-5587 | 2 Drupal, Epiqo | 2 Drupal, Email | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link. | |||||
CVE-2012-6576 | 2 Antti Alamki, Drupal | 2 Prh Search, Drupal | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2713 | 2 Browserid Project, Drupal | 2 Browserid, Drupal | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site. | |||||
CVE-2012-2059 | 2 Drupal, Steve Lockwood | 2 Drupal, Ticketyboo News Ticker | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2310 | 2 Drupal, Oleg Kovalchuk | 2 Drupal, Cctags | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2081 | 2 Drupal, Moshe Weitzman | 2 Drupal, Organic Groups | 2024-02-28 | 5.0 MEDIUM | N/A |
The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module. |