Filtered by vendor Drupal
Subscribe
Total
834 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2068 | 2 Drupal, Tiger-fish | 2 Drupal, Fancy Slide | 2024-02-28 | 2.1 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter. | |||||
CVE-2012-2309 | 2 Drupal, Wearepropeople | 2 Drupal, Glossify Internal Links Auto Seo | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-0205 | 2 Drupal, Restful Web Services Project | 2 Drupal, Restful Web Services | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. | |||||
CVE-2013-0246 | 1 Drupal | 1 Drupal | 2024-02-28 | 4.3 MEDIUM | N/A |
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors. | |||||
CVE-2012-4492 | 2 Drupal, Isaac Sukin | 2 Drupal, Shorten | 2024-02-28 | 2.1 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the (1) report or (2) Custom Services List page. | |||||
CVE-2013-6385 | 1 Drupal | 1 Drupal | 2024-02-28 | 5.1 MEDIUM | N/A |
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors. | |||||
CVE-2012-5542 | 2 Drupal, Pedro Cambra | 2 Drupal, Commerce Extra Panes | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane via unspecified vectors related to "the link to reorder items." | |||||
CVE-2012-4468 | 2 Drupal, Privatemsg Project | 2 Drupal, Privatemsg | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message. | |||||
CVE-2012-2060 | 2 Drupal, Nijskens Raf | 2 Drupal, Admintools | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-1636 | 2 Drupal, Luke Herrington | 2 Drupal, Stickynote | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors. | |||||
CVE-2012-1623 | 2 Aidanlister, Drupal | 2 Regcode, Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions. | |||||
CVE-2012-2706 | 2 Drupal, Peter Pokrivcak | 2 Drupal, Post Affiliate Pro | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. | |||||
CVE-2012-1645 | 2 Drupal, Wimleers | 2 Drupal, Cdn | 2024-02-28 | 2.6 LOW | N/A |
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php. | |||||
CVE-2012-1657 | 2 Drupal, Fourkitchens | 2 Drupal, Block Class | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name. | |||||
CVE-2012-2729 | 2 Adcillc, Drupal | 2 Simplemeta, Drupal | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry. | |||||
CVE-2012-2065 | 2 Drupal, Freso | 2 Drupal, Languageicons | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-4470 | 2 Drupal, Philip Ludlam | 2 Drupal, Listhandler | 2024-02-28 | 7.5 HIGH | N/A |
The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact. | |||||
CVE-2012-2723 | 2 Blaine Lang, Drupal | 2 Maestro, Drupal | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-1907 | 2 Acquia, Drupal | 3 Commons, Commons Group, Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | |||||
CVE-2013-1393 | 2 Curvycorners, Drupal | 2 Curvycorners, Drupal | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors. |