Filtered by vendor Drupal
Subscriptions
Total
880 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2704 | 2 Drupal, John Franklin | 2 Drupal, Advertisement | 2025-04-11 | N/A |
| The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php. | ||||
| CVE-2012-2705 | 2 Christopher Mitchell, Drupal | 2 Smart Breadcrumb, Drupal | 2025-04-11 | N/A |
| The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter. | ||||
| CVE-2012-2706 | 2 Drupal, Peter Pokrivcak | 2 Drupal, Post Affiliate Pro | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. | ||||
| CVE-2012-2708 | 2 Antoine Beaupre, Drupal | 2 Hostmaster, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log. | ||||
| CVE-2012-2711 | 2 Drupal, Nancy Wichmann | 2 Drupal, Taxonomy List | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. | ||||
| CVE-2012-2712 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors. | ||||
| CVE-2012-2713 | 2 Browserid Project, Drupal | 2 Browserid, Drupal | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site. | ||||
| CVE-2012-2715 | 2 Drupal, Jason Moore | 2 Drupal, Amadou | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links. | ||||
| CVE-2012-2717 | 2 Drupal, Mathew Winstone | 2 Drupal, Mobile Tools | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options. | ||||
| CVE-2012-2718 | 2 Drupal, Drupal-id | 2 Drupal, Counter Module | 2025-04-11 | N/A |
| SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits." | ||||
| CVE-2013-0318 | 2 Banckle Chat Project, Drupal | 2 Banckle Chat, Drupal | 2025-04-11 | N/A |
| The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors. | ||||
| CVE-2012-2721 | 2 Drupal, Moshe Weitzman | 2 Drupal, Organic Groups | 2025-04-11 | N/A |
| The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact. | ||||
| CVE-2012-2725 | 2 Authoring Html, Drupal | 2 6.x-1.0, Drupal | 2025-04-11 | N/A |
| classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks. | ||||
| CVE-2013-0316 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests. | ||||
| CVE-2012-1655 | 2 Drupal, Sven Decabooter | 2 Drupal, Uc Paydutchgroup \/ Wedeal Payment | 2025-04-11 | N/A |
| Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors. | ||||
| CVE-2012-1651 | 2 Drupal, Thinkleft | 2 Drupal, Submenu Tree | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2309 | 2 Drupal, Wearepropeople | 2 Drupal, Glossify Internal Links Auto Seo | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-0825 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. | ||||
| CVE-2013-1972 | 2 Alexey Sukhotin, Drupal | 2 Elfinder, Drupal | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors. | ||||
| CVE-2012-1650 | 2 Drupal, Giantrobot | 2 Drupal, Zipcart | 2025-04-11 | N/A |
| The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions. | ||||