Filtered by vendor Drupal
Subscribe
Total
834 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1823 | 1 Drupal | 2 Drupal, Print | 2024-02-28 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head, before the Content-Type META element, to contain crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, a related issue to CVE-2009-1575. | |||||
| CVE-2008-3091 | 1 Drupal | 1 Taxonomy Autotagger Module | 2024-02-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-2370 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-4149 | 1 Drupal | 1 Link To Us | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link page header" field. | |||||
| CVE-2009-3652 | 2 Drupal, Moshe Weitzman | 2 Drupal, Organic Groups | 2024-02-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095. | |||||
| CVE-2008-6137 | 1 Drupal | 2 Drupal, Everyblog | 2024-02-28 | 7.5 HIGH | N/A |
| EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. | |||||
| CVE-2008-6384 | 1 Drupal | 1 Comment Mail | 2024-02-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators. | |||||
| CVE-2009-0817 | 1 Drupal | 2 Drupal, Protected Node Module | 2024-02-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module. | |||||
| CVE-2009-3784 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2024-02-28 | 6.8 MEDIUM | N/A |
| Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2009-1575 | 1 Drupal | 1 Drupal | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7. | |||||
| CVE-2008-7151 | 2 Drupal, Gurpartap Singh | 2 Drupal, Live | 2024-02-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code. | |||||
| CVE-2009-3122 | 2 Chris Shattuck, Drupal | 2 Ajaxtable, Drupal | 2024-02-28 | 6.4 MEDIUM | N/A |
| The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors. | |||||
| CVE-2009-3785 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2024-02-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. | |||||
| CVE-2009-3354 | 2 Andrew Sterling Hanenkamp, Drupal | 2 Rest Api Module, Drupal | 2024-02-28 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors. | |||||
| CVE-2009-3479 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title. | |||||
| CVE-2009-2083 | 2 Drupal, Mattias Hutterer | 2 Drupal, Taxonomy Manager | 2024-02-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms." | |||||
| CVE-2009-3780 | 2 Ashok Modi, Drupal | 2 Abuse, Drupal | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-4531 | 1 Drupal | 1 Brilliant Gallery | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338. | |||||
| CVE-2008-3000 | 1 Drupal | 1 Aggregation Module | 2024-02-28 | 6.8 MEDIUM | N/A |
| The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions. | |||||
| CVE-2008-3740 | 1 Drupal | 1 Drupal | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||