Filtered by vendor Drupal
Subscribe
Total
838 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2572 | 2 Drupal, Lullabot | 2 Drupal, Fivestar Module For Drupal | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes. | |||||
| CVE-2009-4517 | 2 Drupal, Nanwich | 2 Drupal, Faq Ask | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content. | |||||
| CVE-2009-4533 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors. | |||||
| CVE-2009-3915 | 2 Drupal, John C Fiala | 2 Drupal, Link | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field. | |||||
| CVE-2009-4534 | 2 Drupal, Nanwich | 2 Drupal, Faq Ask | 2025-04-09 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2008-3743 | 1 Drupal | 1 Drupal | 2025-04-09 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements. | |||||
| CVE-2008-0274 | 1 Drupal | 1 Drupal | 2025-04-09 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files. | |||||
| CVE-2007-1035 | 1 Drupal | 3 Audio Module, Getid3, Mediafield Module | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors. | |||||
| CVE-2009-1507 | 1 Drupal | 2 Drupal, Nodeaccess Userreference | 2025-04-09 | 7.5 HIGH | N/A |
| The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node. | |||||
| CVE-2009-1823 | 1 Drupal | 2 Drupal, Print | 2025-04-09 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head, before the Content-Type META element, to contain crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, a related issue to CVE-2009-1575. | |||||
| CVE-2008-2999 | 1 Drupal | 2 Aggregation Module, Drupal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-1342 | 1 Drupal | 2 Cck Comment Reference, Drupal | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form. | |||||
| CVE-2009-3568 | 3 Dave Reid, Drupal, Gabor Hojtsy | 3 Commentrss, Drupal, Commentrss | 2025-04-09 | 5.0 MEDIUM | N/A |
| Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed. | |||||
| CVE-2009-3783 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector. | |||||
| CVE-2008-6171 | 1 Drupal | 1 Drupal | 2025-04-09 | 9.3 HIGH | N/A |
| includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | |||||
| CVE-2008-4792 | 1 Drupal | 1 Drupal | 2025-04-09 | 6.0 MEDIUM | N/A |
| The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values. | |||||
| CVE-2008-1131 | 1 Drupal | 1 Drupal | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms. | |||||
| CVE-2009-3354 | 2 Andrew Sterling Hanenkamp, Drupal | 2 Rest Api Module, Drupal | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors. | |||||
| CVE-2007-3689 | 1 Drupal | 1 Print Module | 2025-04-09 | 7.8 HIGH | N/A |
| The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | |||||
| CVE-2007-1033 | 1 Drupal | 1 Secure Site Module | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL. | |||||