Filtered by vendor Drupal
Subscriptions
Total
880 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1607 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific. If so, then this CVE will be REJECTed in the future | ||||
| CVE-2012-3799 | 2 Blaine Lang, Drupal | 2 Maestro, Drupal | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences. | ||||
| CVE-2012-2707 | 2 Antoine Beaupre, Drupal | 2 Hostmaster, Drupal | 2025-04-11 | N/A |
| The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes. | ||||
| CVE-2013-0246 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors. | ||||
| CVE-2012-2153 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page. | ||||
| CVE-2012-2340 | 2 Drupal, Geoff Davies | 2 Drupal, Contact Forms | 2025-04-11 | N/A |
| The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors. | ||||
| CVE-2012-5233 | 2 Drupal, Luke Herrington | 2 Drupal, Stickynote | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs. | ||||
| CVE-2013-1780 | 2 Devsaran, Drupal | 2 Best Responsive, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. | ||||
| CVE-2013-1785 | 2 Devsaran, Drupal | 2 Responsive, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-1362 | 2 Ben Jeavons, Drupal | 2 Ownterm, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page. | ||||
| CVE-2013-2247 | 2 Drupal, Fast Permissions Administration Project | 2 Drupal, Fast Permission Administration | 2025-04-11 | N/A |
| The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form. | ||||
| CVE-2012-4470 | 2 Drupal, Philip Ludlam | 2 Drupal, Listhandler | 2025-04-11 | N/A |
| The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact. | ||||
| CVE-2012-2310 | 2 Drupal, Oleg Kovalchuk | 2 Drupal, Cctags | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-4477 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2025-04-11 | N/A |
| Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors. | ||||
| CVE-2012-1657 | 2 Drupal, Fourkitchens | 2 Drupal, Block Class | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name. | ||||
| CVE-2012-4483 | 2 Acquia, Drupal | 2 Commons, Drupal | 2025-04-11 | N/A |
| The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing. | ||||
| CVE-2012-4484 | 2 Drupal, Trexart | 2 Drupal, Campaignmonitor | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site). | ||||
| CVE-2012-4489 | 2 Drupal, Mark Burdett | 2 Drupal, Securelogin | 2025-04-11 | N/A |
| Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter. | ||||
| CVE-2013-0318 | 2 Banckle Chat Project, Drupal | 2 Banckle Chat, Drupal | 2025-04-11 | N/A |
| The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors. | ||||
| CVE-2012-1655 | 2 Drupal, Sven Decabooter | 2 Drupal, Uc Paydutchgroup \/ Wedeal Payment | 2025-04-11 | N/A |
| Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors. | ||||