Filtered by vendor Drupal
Subscribe
Total
842 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0320 | 2 Drupal, Mattias Hutterer | 2 Drupal, Taxonomy Manager | 2025-04-11 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors. | |||||
| CVE-2012-2340 | 2 Drupal, Geoff Davies | 2 Drupal, Contact Forms | 2025-04-11 | 3.5 LOW | N/A |
| The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors. | |||||
| CVE-2012-2300 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-11 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-1905 | 2 Catalin Florian Radut, Drupal | 2 Zeropoint, Drupal | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5586 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2025-04-11 | 2.1 LOW | N/A |
| The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource." | |||||
| CVE-2012-6583 | 2 Drupal, Imagemenu Project | 2 Drupal, Imagemenu | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name. | |||||
| CVE-2010-5275 | 2 Drupal, Memcache Project | 2 Drupal, Memcache | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2703 | 2 Drupal, John Franklin | 2 Drupal, Advertisement | 2025-04-11 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php." | |||||
| CVE-2012-1647 | 2 Drupal, Mediafront | 2 Drupal, Mediafront | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via (1) $_SERVER['HTTP_HOST'] or (2) $_SERVER['SCRIPT_NAME'] to players/osmplayer/player/OSMPlayer.php, (3) playlist parameter to players/osmplayer/player/getplaylist.php, and possibly other vectors related to $_SESSION. | |||||
| CVE-2012-2117 | 2 Drupal, Yaniv Aran-shamir | 2 Drupal, Gigya | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-5276 | 2 Drupal, Memcache Project | 2 Drupal, Memcache | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again." | |||||
| CVE-2013-4379 | 2 Drupal, Sebastien Corbin | 2 Drupal, Make Meeting Scheduler Module | 2025-04-11 | 6.4 MEDIUM | N/A |
| The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL. | |||||
| CVE-2012-1651 | 2 Drupal, Thinkleft | 2 Drupal, Submenu Tree | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1358 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5547 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action. | |||||
| CVE-2013-2715 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name. | |||||
| CVE-2013-1786 | 2 Devsaran, Drupal | 2 Company, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-7067 | 2 Drupal, Mike Stefanello | 2 Drupal, Og Features | 2025-04-11 | 5.8 MEDIUM | N/A |
| The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request. | |||||
| CVE-2010-3091 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2025-04-11 | 5.0 MEDIUM | N/A |
| The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | |||||
| CVE-2012-1660 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2025-04-11 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios. | |||||