Filtered by vendor Drupal
Subscribe
Total
838 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6298 | 1 Drupal | 1 Shoutbox | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages. | |||||
| CVE-2009-0817 | 1 Drupal | 2 Drupal, Protected Node Module | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module. | |||||
| CVE-2008-3741 | 1 Drupal | 1 Drupal | 2025-04-09 | 3.5 LOW | N/A |
| The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML. | |||||
| CVE-2009-2076 | 1 Drupal | 2 Drupal, Views | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions. | |||||
| CVE-2009-4528 | 2 Drupal, Moshe Weitzman | 2 Drupal, Og Vocab | 2025-04-09 | 6.5 MEDIUM | N/A |
| The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors. | |||||
| CVE-2008-6533 | 1 Drupal | 1 Drupal | 2025-04-09 | 4.3 MEDIUM | N/A |
| Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
| CVE-2008-0463 | 1 Drupal | 1 Workflow | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties. | |||||
| CVE-2009-2370 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-1249 | 1 Drupal | 2 Drupal, Feedapi Mapper | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map. | |||||
| CVE-2008-4597 | 1 Drupal | 1 Shindig-integrator | 2025-04-09 | 7.5 HIGH | N/A |
| Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2008-4790 | 1 Drupal | 1 Drupal | 2025-04-09 | 6.0 MEDIUM | N/A |
| The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. | |||||
| CVE-2008-3095 | 1 Drupal | 1 Organic Groups Module | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-6299 | 1 Drupal | 1 Drupal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules. | |||||
| CVE-2009-4526 | 2 Drupal, Joao Ventura | 2 Drupal, Print | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form. | |||||
| CVE-2009-3654 | 2 316solutions, Drupal | 2 Boost, Drupal | 2025-04-09 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors. | |||||
| CVE-2009-0382 | 1 Drupal | 2 Drupal, Internationalization | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors. | |||||
| CVE-2008-0273 | 1 Drupal | 1 Drupal | 2025-04-09 | 4.3 MEDIUM | N/A |
| Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism. | |||||
| CVE-2007-5596 | 1 Drupal | 1 Drupal | 2025-04-09 | 4.3 MEDIUM | N/A |
| The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files. | |||||
| CVE-2008-4789 | 1 Drupal | 1 Drupal | 2025-04-09 | 6.0 MEDIUM | N/A |
| The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." | |||||
| CVE-2008-3091 | 1 Drupal | 1 Taxonomy Autotagger Module | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors. | |||||