Filtered by vendor Drupal
Subscriptions
Total
834 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-1342 | 1 Drupal | 2 Cck Comment Reference, Drupal | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form. | ||||
CVE-2012-4469 | 2 Drupal, Simon Rycroft | 2 Drupal, Hashcash | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators use the Database logging module. | ||||
CVE-2008-6836 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors. | ||||
CVE-2012-1636 | 2 Drupal, Luke Herrington | 2 Drupal, Stickynote | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors. | ||||
CVE-2009-0382 | 1 Drupal | 2 Drupal, Internationalization | 2024-09-16 | N/A |
Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors. | ||||
CVE-2012-5544 | 2 Drupal, Thinkshout | 2 Drupal, Mandrill | 2024-09-16 | N/A |
The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard. | ||||
CVE-2010-3685 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2024-09-16 | N/A |
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | ||||
CVE-2017-6929 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-09-16 | N/A |
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module. | ||||
CVE-2012-5591 | 2 Catalin Florian Radut, Drupal | 2 Zeropoint, Drupal | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the path aliases. | ||||
CVE-2014-7980 | 1 Drupal | 1 Zen | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings. | ||||
CVE-2009-4829 | 3 Drupal, James Glasgow, John Vandervort | 3 Drupal, Autologout, Autologout | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-5654 | 2 Drupal, Nodewords Project | 2 Drupal, Nodewords | 2024-09-16 | N/A |
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags. | ||||
CVE-2012-2307 | 2 Drupal, Plaatsoft | 2 Drupal, Addressbook | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2012-5556 | 2 Drupal, Restful Web Services Project | 2 Drupal, Restful Web Services | 2024-09-16 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. | ||||
CVE-2009-4602 | 1 Drupal | 2 Drupal, Randomizer | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-5569 | 3 Basic Webmail Project, Drupal, Jason Flatt | 3 Basic Webmail, Drupal, Basic Webmail | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message. | ||||
CVE-2012-5553 | 2 Daniel Honrade, Drupal | 2 Om Maximenu, Drupal | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the (1) Menu Title (2) Link Title, (3) Path Query, (4) Anchor, or (5) vocabulary names. | ||||
CVE-2012-2309 | 2 Drupal, Wearepropeople | 2 Drupal, Glossify Internal Links Auto Seo | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-5233 | 2 Drupal, Luke Herrington | 2 Drupal, Stickynote | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs. | ||||
CVE-2013-0182 | 2 Bart Feenstra, Drupal | 2 Payment, Drupal | 2024-09-16 | N/A |
The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments. |