Filtered by vendor Drupal
Subscriptions
Filtered by product Drupal
Subscriptions
Total
746 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0257 | 2 David Alkire, Drupal | 2 Email2image, Drupal | 2025-04-11 | N/A |
| The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields. | ||||
| CVE-2012-2711 | 2 Drupal, Nancy Wichmann | 2 Drupal, Taxonomy List | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. | ||||
| CVE-2013-0207 | 2 Drupal, Leighton Whiting | 2 Drupal, Mark Complete | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2013-1779 | 2 Devsaran, Drupal | 2 Fresh, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0181 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. | ||||
| CVE-2012-2705 | 2 Christopher Mitchell, Drupal | 2 Smart Breadcrumb, Drupal | 2025-04-11 | N/A |
| The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter. | ||||
| CVE-2012-2704 | 2 Drupal, John Franklin | 2 Drupal, Advertisement | 2025-04-11 | N/A |
| The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php. | ||||
| CVE-2012-6576 | 2 Antti Alamki, Drupal | 2 Prh Search, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2719 | 2 Blaine Lang, Drupal | 2 Filedepot, Drupal | 2025-04-11 | N/A |
| The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka "Session Management Vulnerability." | ||||
| CVE-2012-2703 | 2 Drupal, John Franklin | 2 Drupal, Advertisement | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php." | ||||
| CVE-2012-5655 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2025-04-11 | N/A |
| The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request. | ||||
| CVE-2012-2308 | 2 Drupal, Tahiticlic | 2 Drupal, Taxonomy Grid Catalog | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2706 | 2 Drupal, Peter Pokrivcak | 2 Drupal, Post Affiliate Pro | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. | ||||
| CVE-2012-2708 | 2 Antoine Beaupre, Drupal | 2 Hostmaster, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log. | ||||
| CVE-2012-2305 | 2 Drupal, Justin Ellison | 2 Drupal, Node Gallery | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries. | ||||
| CVE-2012-2712 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors. | ||||
| CVE-2012-2713 | 2 Browserid Project, Drupal | 2 Browserid, Drupal | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site. | ||||
| CVE-2012-2715 | 2 Drupal, Jason Moore | 2 Drupal, Amadou | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links. | ||||
| CVE-2012-2717 | 2 Drupal, Mathew Winstone | 2 Drupal, Mobile Tools | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options. | ||||
| CVE-2012-5589 | 2 Drupal, Netgenius | 2 Drupal, Multilink | 2025-04-11 | N/A |
| The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link. | ||||