Filtered by vendor Drupal
Filtered by product Drupal
Total: 709 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-1060 | 2 Drupal, Rik De Boer | 2 Drupal, Revisioning | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters. | ||||
CVE-2009-4207 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission. | ||||
CVE-2013-0260 | 2 Drupal, Elliot Pahl | 2 Drupal, Drush Debian Packaging | 2024-09-16 | N/A |
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors. | ||||
CVE-2013-0323 | 2 Display Suite Project, Drupal | 2 Ds, Drupal | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field. | ||||
CVE-2012-4479 | 2 David Alkire, Drupal | 2 Drag & Drop Gallery, Drupal | 2024-09-16 | N/A |
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2012-2310 | 2 Drupal, Oleg Kovalchuk | 2 Drupal, Cctags | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2017-6931 | 1 Drupal | 1 Drupal | 2024-09-16 | N/A |
In Drupal 8.4.x versions before 8.4.5, the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. This release fixes the only two implementations in core, but does not harden against other such bypasses. This vulnerability can be mitigated by disabling the Settings Tray module. | ||||
CVE-2009-3350 | 2 Drupal, Roshan Shah | 2 Drupal, Subdomain Manager | 2024-09-16 | N/A |
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors. | ||||
CVE-2002-1806 | 1 Drupal | 1 Drupal | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. | ||||
CVE-2008-1131 | 1 Drupal | 1 Drupal | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms. | ||||
CVE-2013-0224 | 2 Drupal, Video Project | 2 Drupal, Video | 2024-09-16 | N/A |
The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file. | ||||
CVE-2017-6922 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-09-16 | N/A |
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56, private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system. | ||||
CVE-2010-2001 | 2 Drupal, Ninjitsuweb | 2 Drupal, Civiregister | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. | ||||
CVE-2012-1635 | 2 Drupal, Rik De Boer | 2 Drupal, Revisioning | 2024-09-16 | N/A |
The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content. | ||||
CVE-2012-4475 | 2 Drupal, Security Questions Project | 2 Drupal, Security Questions | 2024-09-16 | N/A |
The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and answers via unspecified vectors. | ||||
CVE-2012-2096 | 2 Drupal, Lullabot | 2 Drupal, Fivestar Module For Drupal | 2024-09-16 | N/A |
The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter. | ||||
CVE-2012-5584 | 2 Drupal, M2osw | 2 Drupal, Tableofcontents | 2024-09-16 | N/A |
The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block. | ||||
CVE-2009-2078 | 2 Drupal, Heine.familiedeelstra | 2 Drupal, Booktree | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page. | ||||
CVE-2012-1627 | 2 Drupal, Marvil07 | 2 Drupal, Vote Up Down | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms. | ||||
CVE-2012-5007 | 2 Drupal, Wizonesolutions | 2 Drupal, Fillpdf | 2024-09-16 | N/A |
The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third party information. |