| CVE-2012-2116 |
medium |
— |
6.8 |
|
|
commerceguysdrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add … |
| CVE-2012-2083 |
medium |
— |
4.3 |
|
|
fusiondrupalthemesdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbi… |
| CVE-2012-2704 |
medium |
— |
5.0 |
|
|
john_franklindrupal |
14y ago |
The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information tha… |
| CVE-2012-1650 |
medium |
— |
6.0 |
|
|
giantrobotdrupal |
14y ago |
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated … |
| CVE-2012-1647 |
medium |
— |
4.3 |
|
|
mediafrontdrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Dru… |
| CVE-2012-1645 |
low |
— |
2.6 |
|
|
wimleersdrupal |
14y ago |
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified ve… |
| CVE-2012-1644 |
low |
— |
2.1 |
|
|
gizradrupal |
14y ago |
The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via uns… |
| CVE-2012-1643 |
medium |
— |
5.0 |
|
|
jason_savinodrupal |
14y ago |
The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vect… |
| CVE-2012-1642 |
medium |
— |
5.0 |
|
|
yaml-fuer-drupaldrupal |
14y ago |
includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensi… |
| CVE-2012-1641 |
medium |
— |
6.0 |
|
|
danielbdrupal |
14y ago |
The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission … |
| CVE-2012-1635 |
medium |
— |
6.4 |
|
|
rik_de_boerdrupal |
14y ago |
The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which … |
| CVE-2012-2297 |
low |
— |
2.1 |
|
|
creative_commons_module_projectdrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission t… |
| CVE-2012-2155 |
medium |
— |
6.8 |
|
|
kyle_browningdrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2012-2154 |
medium |
— |
4.3 |
|
|
kyle_browningdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-2081 |
medium |
— |
5.0 |
|
|
moshe_weitzmandrupal |
14y ago |
The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a re… |
| CVE-2012-2080 |
medium |
— |
6.8 |
|
|
node_limit_number_projectdrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitn… |
| CVE-2012-2077 |
medium |
— |
5.1 |
|
|
rob_loachdrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permi… |
| CVE-2012-2076 |
low |
— |
2.1 |
|
|
rob_loachdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions … |
| CVE-2012-2075 |
low |
— |
2.1 |
|
|
steindomdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arb… |
| CVE-2012-2074 |
medium |
— |
5.0 |
|
|
ubercart_views_projectdrupal |
14y ago |
Unspecified vulnerability in certain default views in the Ubercart Views module 6.x before 6.x-3.2 for Drupal allows remote attackers to obtain sensitive information via unknown attack vectors. |
| CVE-2012-2073 |
medium |
— |
6.0 |
|
|
kristof_de_jaegerdrupal |
14y ago |
The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permis… |
| CVE-2012-2072 |
low |
— |
2.1 |
|
|
patrick_przybilladrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject a… |
| CVE-2012-2071 |
low |
— |
2.1 |
|
|
geoff_daviesdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer si… |
| CVE-2012-2070 |
low |
— |
2.1 |
|
|
andrew_levinedrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission … |
| CVE-2012-2304 |
medium |
— |
4.3 |
|
|
emil_stjernemandrupal |
14y ago |
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive info… |
| CVE-2012-2300 |
low |
— |
2.1 |
|
|
ubercartdrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product cl… |
| CVE-2012-2299 |
low |
— |
2.1 |
|
|
ubercartdrupal |
14y ago |
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive informat… |
| CVE-2012-2298 |
medium |
— |
4.3 |
|
|
drupalnancy_wichmann |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "… |
| CVE-2012-2097 |
medium |
— |
6.8 |
|
|
larry_garfielddrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary user… |
| CVE-2012-2096 |
medium |
— |
5.0 |
|
|
lullabotdrupal |
14y ago |
The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter. |
| CVE-2012-2310 |
low |
— |
3.5 |
|
|
oleg_kovalchukdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary w… |
| CVE-2012-2309 |
low |
— |
3.5 |
|
|
wearepropeopledrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web scr… |
| CVE-2012-2308 |
low |
— |
3.5 |
|
|
tahiticlicdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script… |
| CVE-2012-2307 |
medium |
— |
6.8 |
|
|
plaatsoftdrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vector… |
| CVE-2012-2306 |
high |
— |
7.5 |
|
|
willem_van_der_plaatdrupal |
14y ago |
SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-2305 |
medium |
— |
6.8 |
|
|
justin_ellisondrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that creat… |
| CVE-2012-2302 |
medium |
— |
5.0 |
|
|
nancy_wichmanndrupal |
14y ago |
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspe… |
| CVE-2012-2296 |
medium |
— |
5.0 |
|
|
janraindrupal |
14y ago |
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attack… |
| CVE-2012-2303 |
high |
— |
7.5 |
|
|
florian_weberdrupal |
14y ago |
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via… |
| CVE-2012-2717 |
medium |
— |
4.3 |
|
|
mathew_winstonedrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL f… |
| CVE-2012-3802 |
medium |
— |
4.0 |
|
|
peter_pokrivcakdrupal |
14y ago |
Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors. |
| CVE-2012-3800 |
low |
— |
2.1 |
|
|
moshe_weitzmandrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to in… |
| CVE-2012-3799 |
medium |
— |
5.1 |
|
|
blaine_langdrupal |
14y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests t… |
| CVE-2012-3798 |
medium |
— |
5.0 |
|
|
bryce_hamrickdrupal |
14y ago |
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier t… |
| CVE-2012-2731 |
low |
— |
2.6 |
|
|
richardo_antedrupal |
14y ago |
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information b… |
| CVE-2012-2730 |
high |
— |
7.5 |
|
|
alexis_wilkedrupal |
14y ago |
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass … |
| CVE-2012-2729 |
medium |
— |
6.8 |
|
|
adcillcdrupal |
14y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for request… |
| CVE-2012-2728 |
medium |
— |
6.8 |
|
|
ronan_dowlingdrupal |
14y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for req… |
| CVE-2012-2727 |
medium |
— |
5.8 |
|
|
bryce_hamrickdrupal |
14y ago |
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct ph… |
| CVE-2012-2726 |
low |
— |
2.1 |
|
|
alberto_trujillo_gonzalezdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission t… |
| CVE-2012-2725 |
low |
— |
3.5 |
|
|
authoring_htmldrupal |
14y ago |
classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authentica… |
| CVE-2012-2723 |
low |
— |
2.6 |
|
|
blaine_langdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTM… |
| CVE-2012-2722 |
medium |
— |
4.3 |
|
|
scott_reynendrupal |
14y ago |
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows r… |
| CVE-2012-2721 |
medium |
— |
6.8 |
|
|
moshe_weitzmandrupal |
14y ago |
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remot… |
| CVE-2012-2720 |
medium |
— |
5.0 |
|
|
adam_rossdrupal |
14y ago |
The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. |
| CVE-2012-2719 |
medium |
— |
5.1 |
|
|
blaine_langdrupal |
14y ago |
The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a … |
| CVE-2012-2715 |
medium |
— |
4.3 |
|
|
jason_mooredrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web scri… |
| CVE-2012-2713 |
medium |
— |
6.8 |
|
|
browserid_projectdrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for… |
| CVE-2012-2712 |
low |
— |
2.6 |
|
|
thomas_seidldrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arb… |
| CVE-2012-2711 |
low |
— |
2.1 |
|
|
nancy_wichmanndrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to in… |
| CVE-2012-2710 |
low |
— |
2.6 |
|
|
john_albindrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to injec… |
| CVE-2012-2708 |
low |
— |
2.1 |
|
|
antoine_beaupredrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows … |
| CVE-2012-2707 |
medium |
— |
5.8 |
|
|
antoine_beaupredrupal |
14y ago |
The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access res… |
| CVE-2012-2706 |
medium |
— |
4.3 |
|
|
peter_pokrivcakdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. |
| CVE-2012-2705 |
low |
— |
2.1 |
|
|
christopher_mitchelldrupal |
14y ago |
The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edi… |
| CVE-2012-2703 |
low |
— |
2.6 |
|
|
john_franklindrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via … |
| CVE-2012-2702 |
medium |
— |
5.0 |
|
|
tony_freixasdrupal |
14y ago |
The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain condi… |
| CVE-2010-2021 |
medium |
— |
5.8 |
|
|
nicholasthompsondrupal |
14y ago |
Open redirect vulnerability in the Global Redirect module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, when non-clean to clean is enabled, allows remote attackers to redirect users t… |
| CVE-2012-2718 |
high |
— |
7.5 |
|
|
drupal-iddrupal |
14y ago |
SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits." |
| CVE-2012-2716 |
medium |
— |
6.8 |
|
|
david_stosikdrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests … |
| CVE-2012-2922 |
medium |
— |
5.0 |
|
|
drupal |
14y ago |
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installati… |
| CVE-2012-2340 |
low |
— |
3.5 |
|
|
geoff_daviesdrupal |
14y ago |
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" … |
| CVE-2012-2339 |
medium |
— |
4.3 |
|
|
nancy_wichmanndrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "ta… |
| CVE-2012-2907 |
low |
— |
2.6 |
|
|
ishmael_sanchezdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the brea… |
| CVE-2012-2341 |
medium |
— |
6.8 |
|
|
rahul_singladrupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax request… |
| CVE-2012-1589 |
medium |
— |
5.8 |
|
|
drupal |
14y ago |
Drupal Open Redirect |
| CVE-2007-6752 |
medium |
— |
7.8 |
EXP |
|
drupal |
14y ago |
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout … |
| CVE-2011-4113 |
high |
— |
7.5 |
|
|
earl_milesdrupal |
15y ago |
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of view… |
| CVE-2012-1060 |
low |
— |
2.1 |
|
|
rik_de_boerdrupal |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authe… |
| CVE-2012-1057 |
medium |
— |
6.0 |
|
|
sean_robertsondrupal |
15y ago |
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers … |
| CVE-2012-1056 |
medium |
— |
5.0 |
|
|
sean_robertsondrupal |
15y ago |
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows… |
| CVE-2012-0914 |
medium |
— |
4.3 |
|
|
earl_milesdrupal |
15y ago |
Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal all… |
| CVE-2011-5030 |
low |
— |
3.5 |
|
|
valthbalddrupal |
15y ago |
Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or H… |
| CVE-2011-4560 |
low |
— |
3.5 |
|
|
drupal |
15y ago |
Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors… |
| CVE-2011-3730 |
medium |
— |
5.0 |
|
|
drupal |
15y ago |
Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/… |
| CVE-2009-5096 |
medium |
— |
4.3 |
|
|
khalid_baheyeldindrupal |
15y ago |
Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter. |
| CVE-2011-2687 |
high |
— |
7.5 |
|
|
drupal |
15y ago |
Drupal Access Control Bypass |
| CVE-2010-4813 |
low |
— |
3.5 |
|
|
category_tokens_projectdrupal |
15y ago |
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web scr… |
| CVE-2011-1664 |
medium |
— |
6.8 |
|
|
icanlocalizedrupal |
15y ago |
Cross-site request forgery (CSRF) vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unk… |
| CVE-2011-1663 |
high |
— |
7.5 |
|
|
icanlocalizedrupal |
15y ago |
SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2011-1662 |
medium |
— |
4.3 |
|
|
icanlocalizedrupal |
15y ago |
Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-1661 |
medium |
— |
5.0 |
|
|
nicholas_thompsondrupal |
15y ago |
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensit… |
| CVE-2010-4775 |
medium |
— |
5.0 |
|
|
nicholas_thompsondrupal |
15y ago |
The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and re… |
| CVE-2011-1066 |
low |
— |
2.6 |
|
|
reyerodrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to in… |
| CVE-2011-0899 |
medium |
— |
5.0 |
|
|
johan_lindskogdrupal |
16y ago |
The AES encryption module 7.x-1.4 for Drupal leaves certain debugging code enabled in release, which records the plaintext password of the last logged-in user and allows remote attackers to gain priv… |
| CVE-2011-0771 |
medium |
— |
6.8 |
|
|
janraindrupal |
16y ago |
The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and p… |
| CVE-2010-4521 |
medium |
— |
4.3 |
|
|
earl_milesdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path. |
| CVE-2010-4520 |
medium |
— |
4.3 |
|
|
earl_milesdrupal |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator… |
| CVE-2010-4519 |
medium |
— |
6.8 |
|
|
earl_milesdrupal |
16y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack th… |
| CVE-2010-3686 |
medium |
— |
5.0 |
|
|
drupalpeter_wolanin |
16y ago |
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attacker… |
