Vulnerabilities (CVE)

Filtered by vendor Drupal Subscribe
Filtered by product Drupal
Total 709 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1738 2 Drupal, Ivanjaros 2 Drupal, Feed Block 2024-02-28 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items."
CVE-2009-1036 1 Drupal 2 Drupal, Plus1 2024-02-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.
CVE-2009-2237 2 Drupal, Karim Ratib 2 Drupal, Views Bulk Operations 2024-02-28 7.5 HIGH N/A
Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions).
CVE-2009-1047 1 Drupal 2 Drupal, Print 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail.
CVE-2008-5999 1 Drupal 2 Ajax Checklist, Drupal 2024-02-28 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.
CVE-2009-4066 2 Drupal, Paul Beaney 2 Drupal, Phplist 2024-02-28 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists.
CVE-2009-3657 2 Drupal, Tim Nelson 2 Drupal, Shared Sign-on 2024-02-28 5.8 MEDIUM N/A
Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2008-6533 1 Drupal 1 Drupal 2024-02-28 4.3 MEDIUM N/A
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2009-3916 2 Drupal, Ronan Dowling 2 Drupal, Nodehierarchy 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title.
CVE-2009-3654 2 316solutions, Drupal 2 Boost, Drupal 2024-02-28 6.4 MEDIUM N/A
Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors.
CVE-2009-1501 2 Drupal, Exif 2 Drupal, Exif 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.
CVE-2009-3435 2 Drupal, Moshe Weitzman 2 Drupal, Devel 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name.
CVE-2008-4710 1 Drupal 2 Drupal, Stock Module 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2074 1 Drupal 2 Drupal, Nodequeue 2024-02-28 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names.
CVE-2008-6910 2 Drupal, Marc Ingram 2 Drupal, Services 2024-02-28 7.5 HIGH N/A
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request.
CVE-2008-6383 1 Drupal 2 Drupal, Storm 2024-02-28 6.0 MEDIUM N/A
SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-1792 2 Drupal, Drupalr 2 Drupal, Flickr 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3353 2 Drupal, Steve Lockwood 2 Drupal, Node2node 2024-02-28 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.
CVE-2009-2372 1 Drupal 1 Drupal 2024-02-28 6.5 MEDIUM N/A
Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
CVE-2009-4062 2 Anon-design, Drupal 2 Printfriendly, Drupal 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.