Filtered by vendor Drupal
Subscribe
Total
834 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5542 | 2 Drupal, Pedro Cambra | 2 Drupal, Commerce Extra Panes | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane via unspecified vectors related to "the link to reorder items." | |||||
| CVE-2012-5541 | 2 Drupal, Twitter Pull Project | 2 Drupal, Twitter Pull | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "data coming from Twitter." | |||||
| CVE-2012-5540 | 2 Drupal, Tekritisoftware | 2 Drupal, Hostip | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5539 | 2 Drupal, Organic Groups Project | 2 Drupal, Organic Groups | 2024-11-21 | 3.5 LOW | N/A |
| The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved. | |||||
| CVE-2012-5538 | 2 Drupal, Nathan Haug | 2 Drupal, Filefield Sources | 2024-11-21 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. | |||||
| CVE-2012-5537 | 2 Drupal, Simplenews Scheduler Project | 2 Drupal, Simplenews Scheduler | 2024-11-21 | 6.0 MEDIUM | N/A |
| The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron. | |||||
| CVE-2012-5233 | 2 Drupal, Luke Herrington | 2 Drupal, Stickynote | 2024-11-21 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs. | |||||
| CVE-2012-5007 | 2 Drupal, Wizonesolutions | 2 Drupal, Fillpdf | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-4554 | 1 Drupal | 1 Drupal | 2024-11-21 | 5.0 MEDIUM | N/A |
| The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file. | |||||
| CVE-2012-4553 | 1 Drupal | 1 Drupal | 2024-11-21 | 6.8 MEDIUM | N/A |
| Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions." | |||||
| CVE-2012-4500 | 2 Drupal, Nancy Wichmann | 2 Drupal, Announcements | 2024-11-21 | 3.5 LOW | N/A |
| The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact. | |||||
| CVE-2012-4499 | 2 Drupal, Matthias Hutterer | 2 Drupal, Email | 2024-11-21 | 5.0 MEDIUM | N/A |
| The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors. | |||||
| CVE-2012-4498 | 2 Drupal, Morbus Iff | 2 Drupal, Activism | 2024-11-21 | 7.5 HIGH | N/A |
| The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact. | |||||
| CVE-2012-4497 | 2 Devsaran, Drupal | 2 Elegant Theme, Drupal | 2024-11-21 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL. | |||||
| CVE-2012-4496 | 2 Drupal, Inclind | 2 Drupal, Custom Pub | 2024-11-21 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter. | |||||
| CVE-2012-4495 | 2 Drupal, Mime Mail Module Project | 2 Drupal, Mimemail | 2024-11-21 | 4.0 MEDIUM | N/A |
| The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments. | |||||
| CVE-2012-4494 | 2 Drupal, Niif | 2 Drupal, Shibb Auth | 2024-11-21 | 4.3 MEDIUM | N/A |
| The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in. | |||||
| CVE-2012-4493 | 2 Drupal, Roy Baxter | 2 Drupal, Better Revisions | 2024-11-21 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-4492 | 2 Drupal, Isaac Sukin | 2 Drupal, Shorten | 2024-11-21 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the (1) report or (2) Custom Services List page. | |||||
| CVE-2012-4491 | 2 Drupal, Earl Dunovant | 2 Drupal, Monthly Archive By Node Type | 2024-11-21 | 5.8 MEDIUM | N/A |
| The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors. | |||||