Filtered by vendor Drupal
Subscribe
Total
842 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6582 | 2 Drupal, Spambot Module Project | 2 Drupal, Spambot | 2025-04-11 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the watchdog. | |||||
| CVE-2012-4476 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1639 | 2 Commerceguys, Drupal | 2 Commerce, Drupal | 2025-04-11 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters. | |||||
| CVE-2009-4772 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2012-4499 | 2 Drupal, Matthias Hutterer | 2 Drupal, Email | 2025-04-11 | 5.0 MEDIUM | N/A |
| The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors. | |||||
| CVE-2012-6576 | 2 Antti Alamki, Drupal | 2 Prh Search, Drupal | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-1781 | 2 Devsaran, Drupal | 2 Professional Theme, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-5030 | 2 Drupal, Valthbald | 2 Drupal, Meta Tags Quick | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names of entity bundles." | |||||
| CVE-2012-1629 | 2 Dmitry Loac, Drupal | 2 Taxotouch, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4813 | 2 Category Tokens Project, Drupal | 2 Category Tokens, Drupal | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help. | |||||
| CVE-2012-2061 | 2 Drupal, Nijskens Raf | 2 Drupal, Admintools | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not checking tokens." | |||||
| CVE-2012-1636 | 2 Drupal, Luke Herrington | 2 Drupal, Stickynote | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors. | |||||
| CVE-2013-4446 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2025-04-11 | 6.8 MEDIUM | N/A |
| The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection. | |||||
| CVE-2012-4493 | 2 Drupal, Roy Baxter | 2 Drupal, Better Revisions | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2073 | 2 Drupal, Kristof De Jaeger | 2 Drupal, Bundle Copy | 2025-04-11 | 6.0 MEDIUM | N/A |
| The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2012-4471 | 2 Dominique Clause, Drupal | 2 Search Autocomplete, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors. | |||||
| CVE-2012-2076 | 2 Drupal, Rob Loach | 2 Drupal, Sharethis | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-1393 | 2 Curvycorners, Drupal | 2 Curvycorners, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5653 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-11 | 6.0 MEDIUM | N/A |
| The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name. | |||||
| CVE-2012-2705 | 2 Christopher Mitchell, Drupal | 2 Smart Breadcrumb, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter. | |||||