Total
709 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2730 | 2 Alexis Wilke, Drupal | 2 Protected Node, Drupal | 2024-02-28 | 7.5 HIGH | N/A |
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions. | |||||
CVE-2013-4139 | 2 Drupal, Stage File Proxy Project | 2 Drupal, Stage File Proxy | 2024-02-28 | 5.0 MEDIUM | N/A |
The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests. | |||||
CVE-2013-0321 | 2 Drupal, Ubercart Views Project | 2 Drupal, Uc Views | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. | |||||
CVE-2013-1780 | 2 Devsaran, Drupal | 2 Best Responsive, Drupal | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. | |||||
CVE-2012-5584 | 2 Drupal, M2osw | 2 Drupal, Tableofcontents | 2024-02-28 | 4.3 MEDIUM | N/A |
The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block. | |||||
CVE-2012-2299 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2024-02-28 | 2.1 LOW | N/A |
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database. | |||||
CVE-2012-3800 | 2 Drupal, Moshe Weitzman | 2 Drupal, Organic Groups | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title. | |||||
CVE-2012-2307 | 2 Drupal, Plaatsoft | 2 Drupal, Addressbook | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2012-5547 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action. | |||||
CVE-2012-4476 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2708 | 2 Antoine Beaupre, Drupal | 2 Hostmaster, Drupal | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log. | |||||
CVE-2012-4485 | 2 Drupal, Manuel Garcia | 2 Drupal, Galleryformatter | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create a node or entity to inject arbitrary web script or HTML via the (1) title or (2) alt parameter. | |||||
CVE-2012-0827 | 1 Drupal | 1 Drupal | 2024-02-28 | 3.5 LOW | N/A |
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors. | |||||
CVE-2012-2907 | 2 Drupal, Ishmael Sanchez | 2 Drupal, Aberdeen | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. | |||||
CVE-2012-1658 | 2 Drupal, Fourkitchens | 2 Drupal, Ed Readmore | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-1066 | 2 Drupal, Reyero | 2 Drupal, Messaging | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-4558 | 2 Drupal, Unleashedmind | 2 Drupal, Img Assist | 2024-02-28 | 5.0 MEDIUM | N/A |
The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors. | |||||
CVE-2010-4520 | 2 Drupal, Earl Miles | 2 Drupal, Views | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title. | |||||
CVE-2011-1664 | 2 Drupal, Icanlocalize | 2 Drupal, Translation Management | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2010-1074 | 2 2bits, Drupal | 2 Currency, Drupal | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging. |