| CVE-2012-5542 |
medium |
— |
6.8 |
|
|
pedro_cambradrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests… |
| CVE-2012-5541 |
medium |
— |
4.3 |
|
|
twitter_pull_projectdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via… |
| CVE-2012-5540 |
medium |
— |
4.3 |
|
|
tekritisoftwaredrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbi… |
| CVE-2012-5539 |
low |
— |
3.5 |
|
|
organic_groups_projectdrupal |
14y ago |
The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying… |
| CVE-2012-5538 |
low |
— |
2.1 |
|
|
nathan_haugdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows r… |
| CVE-2012-5537 |
medium |
— |
6.0 |
|
|
simplenews_scheduler_projectdrupal |
14y ago |
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling f… |
| CVE-2012-4479 |
high |
— |
7.5 |
|
|
david_alkiredrupal |
14y ago |
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-4478 |
medium |
— |
6.8 |
|
|
david_alkiredrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators. |
| CVE-2012-4477 |
medium |
— |
5.0 |
|
|
david_alkiredrupal |
14y ago |
Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors. |
| CVE-2012-4476 |
medium |
— |
4.3 |
|
|
david_alkiredrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-4475 |
medium |
— |
5.0 |
|
|
security_questions_projectdrupal |
14y ago |
The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and a… |
| CVE-2012-4474 |
medium |
— |
4.3 |
|
|
colorbox_nodedrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified paramet… |
| CVE-2012-4473 |
low |
— |
3.5 |
|
|
christian_johanssondrupal |
14y ago |
The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished no… |
| CVE-2012-4472 |
medium |
— |
5.1 |
|
|
david_alkiredrupal |
14y ago |
Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an… |
| CVE-2012-4471 |
medium |
— |
5.0 |
|
|
dominique_clausedrupal |
14y ago |
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the p… |
| CVE-2012-4470 |
high |
— |
7.5 |
|
|
philip_ludlamdrupal |
14y ago |
The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have… |
| CVE-2012-4469 |
low |
— |
2.6 |
|
|
simon_rycroftdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject … |
| CVE-2012-4468 |
medium |
— |
4.3 |
|
|
privatemsg_projectdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message. |
| CVE-2012-2084 |
medium |
— |
4.3 |
|
|
joao_venturadrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web sc… |
| CVE-2012-4554 |
medium |
— |
6.0 |
EXP |
|
drupal |
14y ago |
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file. |
| CVE-2012-4553 |
medium |
— |
6.8 |
|
|
drupal |
14y ago |
Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient con… |
| CVE-2012-4498 |
high |
— |
7.5 |
|
|
morbus_iffdrupal |
14y ago |
The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly h… |
| CVE-2012-4497 |
low |
— |
2.1 |
|
|
devsarandrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permissi… |
| CVE-2012-4493 |
low |
— |
2.1 |
|
|
roy_baxterdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better… |
| CVE-2012-4487 |
medium |
— |
4.0 |
|
|
boombatowerdrupal |
14y ago |
The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they c… |
| CVE-2012-4486 |
medium |
— |
6.8 |
|
|
boombatowerdrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the us… |
| CVE-2012-5705 |
low |
— |
2.1 |
|
|
justin_dodgedrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administ… |
| CVE-2012-5704 |
low |
— |
3.5 |
|
|
justin_dodgedrupal |
14y ago |
The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a blo… |
| CVE-2012-4500 |
low |
— |
3.5 |
|
|
nancy_wichmanndrupal |
14y ago |
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unsp… |
| CVE-2012-4499 |
medium |
— |
5.0 |
|
|
matthias_huttererdrupal |
14y ago |
The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vec… |
| CVE-2012-4496 |
low |
— |
2.1 |
|
|
inclinddrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject a… |
| CVE-2012-4495 |
medium |
— |
4.0 |
|
|
mime_mail_module_projectdrupal |
14y ago |
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary f… |
| CVE-2012-4494 |
medium |
— |
4.3 |
|
|
niifdrupal |
14y ago |
The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibl… |
| CVE-2012-4492 |
low |
— |
2.1 |
|
|
isaac_sukindrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions … |
| CVE-2012-4491 |
medium |
— |
5.8 |
|
|
earl_dunovantdrupal |
14y ago |
The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vec… |
| CVE-2012-4490 |
medium |
— |
4.3 |
|
|
ricky_morsedrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or… |
| CVE-2012-4489 |
medium |
— |
5.8 |
|
|
mark_burdettdrupal |
14y ago |
Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites a… |
| CVE-2012-4488 |
medium |
— |
5.0 |
|
|
location_module_projectdrupal |
14y ago |
The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via… |
| CVE-2012-4485 |
medium |
— |
4.3 |
|
|
manuel_garciadrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow rem… |
| CVE-2012-4484 |
medium |
— |
4.3 |
|
|
trexartdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via un… |
| CVE-2012-4483 |
medium |
— |
5.0 |
|
|
acquiadrupal |
14y ago |
The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not… |
| CVE-2012-4482 |
medium |
— |
5.0 |
|
|
longwaveconsultingdrupal |
14y ago |
The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspeci… |
| CVE-2010-5277 |
medium |
— |
4.9 |
|
|
karim_ratibdrupal |
14y ago |
Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions an… |
| CVE-2010-5276 |
medium |
— |
4.3 |
|
|
memcache_projectdrupal |
14y ago |
The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until th… |
| CVE-2010-5275 |
medium |
— |
4.3 |
|
|
memcache_projectdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML … |
| CVE-2012-1634 |
medium |
— |
4.3 |
|
|
hans_nilssondrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EM… |
| CVE-2012-1624 |
low |
— |
3.5 |
|
|
lingotekdrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating… |
| CVE-2012-1623 |
medium |
— |
5.0 |
|
|
aidanlisterdrupal |
14y ago |
The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions. |
| CVE-2012-5233 |
low |
— |
2.1 |
|
|
luke_herringtondrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML v… |
| CVE-2012-1636 |
medium |
— |
4.3 |
|
|
luke_herringtondrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes v… |
| CVE-2012-1639 |
low |
— |
3.5 |
|
|
drupalcommerceguys |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web… |
| CVE-2012-2153 |
medium |
— |
4.0 |
|
|
drupal |
14y ago |
Drupal improper access restrictions |
| CVE-2012-1591 |
medium |
— |
5.0 |
|
|
drupal |
14y ago |
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles. |
| CVE-2012-1590 |
medium |
— |
4.0 |
|
|
drupal |
14y ago |
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post… |
| CVE-2012-1588 |
low |
— |
3.5 |
|
|
drupal |
14y ago |
Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain r… |
| CVE-2012-1646 |
medium |
— |
4.3 |
|
|
drupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via th… |
| CVE-2011-5189 |
low |
— |
2.1 |
|
|
svendecabooterdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update We… |
| CVE-2011-5188 |
low |
— |
2.1 |
|
|
tag1consultingdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web… |
| CVE-2011-5187 |
low |
— |
2.1 |
|
|
tag1consultingdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Support Ticketing System module 6.x-1.x before 6.x-1.7 for Drupal allows remote authenticated users with the "administer support projects" permission t… |
| CVE-2012-5007 |
medium |
— |
5.0 |
|
|
wizonesolutionsdrupal |
14y ago |
The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments… |
| CVE-2012-1631 |
medium |
— |
6.8 |
|
|
databasepublishdrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and … |
| CVE-2012-1630 |
low |
— |
2.1 |
|
|
nestor_mata_cuthbertdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified … |
| CVE-2012-1629 |
low |
— |
2.1 |
|
|
dmitry_loacdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1628 |
low |
— |
3.5 |
|
|
63reasonsdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1626 |
medium |
— |
6.0 |
|
|
drupalkaren_stevenson |
14y ago |
SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to exec… |
| CVE-2012-1625 |
medium |
— |
6.0 |
|
|
wizonesolutionsdrupal |
14y ago |
Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authent… |
| CVE-2012-1633 |
medium |
— |
6.8 |
|
|
erikwebbdrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users … |
| CVE-2012-1632 |
low |
— |
2.1 |
|
|
erik_webbdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer polic… |
| CVE-2012-1627 |
low |
— |
3.5 |
|
|
marvil07drupal |
14y ago |
Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitra… |
| CVE-2012-1640 |
low |
— |
2.1 |
|
|
alquimiadrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with "administer managesite" permissions to inject arbi… |
| CVE-2012-1638 |
medium |
— |
6.0 |
|
|
dominique_clausedrupal |
14y ago |
SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL comman… |
| CVE-2012-1653 |
low |
— |
3.5 |
|
|
collectivecolorsdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via u… |
| CVE-2012-1652 |
low |
— |
2.1 |
|
|
wim_leersdrupalwimleers |
14y ago |
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary… |
| CVE-2012-1651 |
low |
— |
3.5 |
|
|
thinkleftdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1660 |
low |
— |
2.1 |
|
|
nathan_haugdrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module … |
| CVE-2012-1659 |
low |
— |
2.1 |
|
|
ariel_barreirodrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script … |
| CVE-2012-1658 |
low |
— |
2.1 |
|
|
fourkitchensdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arb… |
| CVE-2012-1657 |
low |
— |
2.1 |
|
|
fourkitchensdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web s… |
| CVE-2012-1656 |
medium |
— |
6.8 |
|
|
wesjonesdrupal |
14y ago |
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix fi… |
| CVE-2012-1655 |
medium |
— |
4.0 |
|
|
sven_decabooterdrupal |
14y ago |
Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors. |
| CVE-2012-1654 |
low |
— |
2.1 |
|
|
alex_barthdrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data ta… |
| CVE-2012-2062 |
medium |
— |
6.4 |
|
|
sami_kiminkidrupal |
14y ago |
Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| CVE-2012-2061 |
medium |
— |
6.8 |
|
|
nijskens_rafdrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not che… |
| CVE-2012-2060 |
medium |
— |
4.3 |
|
|
nijskens_rafdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-2059 |
medium |
— |
4.3 |
|
|
steve_lockwooddrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-2058 |
medium |
— |
5.0 |
|
|
paypaldrupal |
14y ago |
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors. |
| CVE-2012-2057 |
medium |
— |
6.8 |
|
|
miuradrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors re… |
| CVE-2012-2056 |
medium |
— |
6.8 |
|
|
nathan_brinkdrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2012-1649 |
medium |
— |
4.9 |
|
|
danielbdrupal |
14y ago |
Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecifie… |
| CVE-2012-1648 |
low |
— |
2.1 |
|
|
danielbdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HT… |
| CVE-2012-2069 |
medium |
— |
6.8 |
|
|
mclewindrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary u… |
| CVE-2012-2068 |
low |
— |
2.1 |
|
|
tiger-fishdrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permissi… |
| CVE-2012-2067 |
medium |
— |
6.8 |
|
|
ckeditordrupal |
14y ago |
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allo… |
| CVE-2012-2066 |
medium |
— |
4.3 |
|
|
ckeditordrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticate… |
| CVE-2012-2065 |
low |
— |
3.5 |
|
|
fresodrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissi… |
| CVE-2012-2064 |
medium |
— |
4.3 |
|
|
mark_theunissendrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or… |
| CVE-2012-2063 |
medium |
— |
5.0 |
|
|
brian_altenhofeldrupal |
14y ago |
The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2012-2117 |
medium |
— |
4.3 |
|
|
yaniv_aran-shamirdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-2116 |
medium |
— |
6.8 |
|
|
commerceguysdrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add … |
| CVE-2012-2083 |
medium |
— |
4.3 |
|
|
fusiondrupalthemesdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbi… |
