Filtered by vendor Drupal
Subscriptions
Filtered by product Drupal
Subscriptions
Total
709 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-3686 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2024-09-16 | N/A |
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | ||||
CVE-2009-4990 | 2 Drupal, Jrbcs | 2 Drupal, Webform Report | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission. | ||||
CVE-2012-4476 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2013-0321 | 2 Drupal, Ubercart Views Project | 2 Drupal, Uc Views | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. | ||||
CVE-2012-5540 | 2 Drupal, Tekritisoftware | 2 Drupal, Hostip | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-5588 | 2 Drupal, Epiqo | 2 Drupal, Email | 2024-09-16 | N/A |
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors. | ||||
CVE-2010-3094 | 1 Drupal | 1 Drupal | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module. | ||||
CVE-2014-5019 | 1 Drupal | 1 Drupal | 2024-09-16 | N/A |
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use. | ||||
CVE-2019-6339 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-09-16 | N/A |
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration. | ||||
CVE-2013-0205 | 2 Drupal, Restful Web Services Project | 2 Drupal, Restful Web Services | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. | ||||
CVE-2009-2083 | 2 Drupal, Mattias Hutterer | 2 Drupal, Taxonomy Manager | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms." | ||||
CVE-2009-2074 | 1 Drupal | 2 Drupal, Nodequeue | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names. | ||||
CVE-2009-4514 | 2 Astha Bhatnagar, Drupal | 2 Shindigintegrator, Drupal | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2017-6921 | 1 Drupal | 1 Drupal | 2024-09-16 | N/A |
In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource. | ||||
CVE-2012-2056 | 2 Drupal, Nathan Brink | 2 Drupal, Content Lock | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2013-1787 | 2 Devsaran, Drupal | 2 Corporate, Drupal | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-5550 | 2 Carlos Carvalhar, Drupal | 2 Time Spent, Drupal | 2024-09-16 | N/A |
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2013-0320 | 2 Drupal, Mattias Hutterer | 2 Drupal, Taxonomy Manager | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors. | ||||
CVE-2010-1536 | 2 Drupal, Mearra | 2 Drupal, Addthis | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2010-2158 | 2 Drupal, Speedtech | 2 Drupal, Storm | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |