Total
709 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-0182 | 2 Bart Feenstra, Drupal | 2 Payment, Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments. | |||||
CVE-2012-5552 | 2 Drupal, Erikwebb | 2 Drupal, Password Policy | 2024-02-28 | 5.0 MEDIUM | N/A |
The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks." | |||||
CVE-2012-2062 | 2 Drupal, Sami Kiminki | 2 Drupal, Redirecting Click Bouncer | 2024-02-28 | 6.4 MEDIUM | N/A |
Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2012-4482 | 2 Drupal, Longwaveconsulting | 2 Drupal, Ubercart Securetrading Payment Method Module | 2024-02-28 | 5.0 MEDIUM | N/A |
The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors. | |||||
CVE-2012-2056 | 2 Drupal, Nathan Brink | 2 Drupal, Content Lock | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2012-1589 | 1 Drupal | 1 Drupal | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL. | |||||
CVE-2012-4497 | 2 Devsaran, Drupal | 2 Elegant Theme, Drupal | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL. | |||||
CVE-2012-1654 | 2 Alex Barth, Drupal | 2 Data, Drupal | 2024-02-28 | 2.1 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in (1) data.views.inc and (2) data_ui/data_ui.admin.inc. | |||||
CVE-2012-4469 | 2 Drupal, Simon Rycroft | 2 Drupal, Hashcash | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators use the Database logging module. | |||||
CVE-2012-1653 | 2 Collectivecolors, Drupal | 2 Taxonomy View Integrator Module, Drupal | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages." | |||||
CVE-2013-0319 | 2 Drupal, Yandex.metrics Project | 2 Drupal, Yandex Metrics | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data. | |||||
CVE-2012-5586 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2024-02-28 | 2.1 LOW | N/A |
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource." | |||||
CVE-2012-2298 | 2 Drupal, Nancy Wichmann | 3 Drupal, Realname, Realname | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks." | |||||
CVE-2013-6388 | 1 Drupal | 1 Drupal | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. | |||||
CVE-2013-6387 | 1 Drupal | 1 Drupal | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field. | |||||
CVE-2012-6065 | 2 Daniel Honrade, Drupal | 2 Om Maximenu, Drupal | 2024-02-28 | 4.6 MEDIUM | N/A |
The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553. | |||||
CVE-2013-1778 | 2 Devsaran, Drupal | 2 Creative, Drupal | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. | |||||
CVE-2013-0318 | 2 Banckle Chat Project, Drupal | 2 Banckle Chat, Drupal | 2024-02-28 | 10.0 HIGH | N/A |
The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors. | |||||
CVE-2012-5538 | 2 Drupal, Nathan Haug | 2 Drupal, Filefield Sources | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. | |||||
CVE-2013-1785 | 2 Devsaran, Drupal | 2 Responsive, Drupal | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |