| CVE | Severity | Score | Vendors | Age | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2010-3685 | medium | 5.0 | drupal, peter_wolanin | 16y ago | The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which all… |
| CVE-2010-3091 | medium | 5.0 | drupal, peter_wolanin | 16y ago | The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote att… |
| CVE-2010-3094 | low | 2.1 | drupal | 16y ago | Drupal cross-site scripting vulnerability via actions feature and trigger module |
| CVE-2010-3093 | low | 3.5 | drupal | 16y ago | The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a … |
| CVE-2010-3092 | medium | 5.5 | drupal | 16y ago | The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to by… |
| CVE-2010-3423 | high | 7.5 | freka, drupal | 16y ago | SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method. |
| CVE-2009-4990 | medium | 4.3 | jrbcs, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission. |
| CVE-2010-3022 | low | 2.6 | drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url al… |
| CVE-2010-2724 | low | 2.1 | wimleers, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions… |
| CVE-2010-2353 | medium | 5.0 | drupal, yves_chedemois | 16y ago | The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, wh… |
| CVE-2010-2352 | medium | 5.0 | karen_stevenson, yves_chedemois, drupal | 16y ago | The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allow… |
| CVE-2010-1958 | low | 2.1 | drupal, quicksketch | 16y ago | Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to F… |
| CVE-2010-2158 | low | 2.1 | speedtech, drupal | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary we… |
| CVE-2010-2125 | low | 2.1 | systemseed, drupal | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit… |
| CVE-2010-2123 | low | 2.1 | speedtech, drupal | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary we… |
| CVE-2010-2048 | low | 3.5 | menhir, drupal | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vecto… |
| CVE-2010-2030 | medium | 4.3 | alan_palazzolo, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the External Link Page module 5.x before 5.x-1.0 and 6.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via vecto… |
| CVE-2010-2002 | low | 2.1 | addison_berry, jeff_warrington, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, … |
| CVE-2010-2001 | low | 2.6 | ninjitsuweb, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. |
| CVE-2010-2000 | low | 2.1 | ron_jerome, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privil… |
| CVE-2010-1998 | low | 2.1 | kevinhankens, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbi… |
| CVE-2010-1984 | low | 2.1 | michael_nichols, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions… |
| CVE-2010-1976 | low | 2.1 | michael_nichols, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary w… |
| CVE-2010-1584 | low | 2.1 | steven_jones, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HT… |
| CVE-2009-4829 | low | 2.1 | james_glasgow, john_vandervort, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privi… |
| CVE-2010-1543 | medium | 4.3 | etracker, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the eTracker module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML by appending a crafted string to an arbitrary … |
| CVE-2010-1539 | low | 2.1 | john_vandyk, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users t… |
| CVE-2010-1536 | low | 2.1 | mearra, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to in… |
| CVE-2010-1530 | low | 2.1 | reyero, drupal | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks pr… |
| CVE-2009-4773 | medium | 6.8 | ubercart, drupal | 16y ago | Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the… |
| CVE-2009-4772 | medium | 4.3 | ubercart, drupal | 16y ago | Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message … |
| CVE-2009-4771 | medium | 5.0 | ubercart, drupal | 16y ago | The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trig… |
| CVE-2010-1362 | low | 2.1 | ben_jeavons, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML… |
| CVE-2010-1358 | low | 2.1 | ron_jerome, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privil… |
| CVE-2010-1303 | low | 2.1 | jim_berry, drupal | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node p… |
| CVE-2010-1108 | low | 3.5 | hashmarkconsulting, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to … |
| CVE-2010-1107 | low | 3.5 | fourkitchens, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML … |
| CVE-2010-1074 | medium | 4.3 | 2bits, drupal | 16y ago | Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to w… |
| CVE-2010-0752 | medium | 5.0 | earl_dunovant, drupal | 17y ago | The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows re… |
| CVE-2010-0697 | low | 3.5 | ilya_ivanchenko, drupal | 17y ago | Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload fil… |
| CVE-2010-0370 | low | 3.5 | roger_lopez, thomas_turnbull, drupal | 17y ago | Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or … |