Vulnerabilities (CVE)

Filtered by vendor Drupal Subscribe
Filtered by product Drupal
Total 721 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-1611 2 Anonymous Posting Project, Drupal 2 Anonymous Posting, Drupal 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field.
CVE-2013-6388 1 Drupal 1 Drupal 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.
CVE-2012-2063 2 Brian Altenhofel, Drupal 2 Slidebox, Drupal 2025-04-11 5.0 MEDIUM N/A
The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2012-2727 2 Bryce Hamrick, Drupal 2 Janrain Capture, Drupal 2025-04-11 5.8 MEDIUM N/A
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
CVE-2012-1588 1 Drupal 1 Drupal 2025-04-11 3.5 LOW N/A
Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address.
CVE-2012-2708 2 Antoine Beaupre, Drupal 2 Hostmaster, Drupal 2025-04-11 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log.
CVE-2012-6574 2 Drupal, Soprano 2 Drupal, Fonecta Verify 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2299 2 Drupal, Ubercart 2 Drupal, Ubercart 2025-04-11 2.1 LOW N/A
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.
CVE-2012-2726 2 Alberto Trujillo Gonzalez, Drupal 2 Protest, Drupal 2025-04-11 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter.
CVE-2012-1633 2 Drupal, Erikwebb 2 Drupal, Password Policy 2025-04-11 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users for requests that unblock a user.
CVE-2010-1998 2 Drupal, Kevinhankens 2 Drupal, Tablefield 2025-04-11 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers.
CVE-2012-1649 2 Danielb, Drupal 2 Cool Aid, Drupal 2025-04-11 4.9 MEDIUM N/A
Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors.
CVE-2012-6576 2 Antti Alamki, Drupal 2 Prh Search, Drupal 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5705 2 Drupal, Justin Dodge 2 Drupal, Hotblocks 2025-04-11 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."
CVE-2012-2341 2 Drupal, Rahul Singla 2 Drupal, Take Control 2025-04-11 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files.
CVE-2013-1887 2 Drupal, Views Project 2 Drupal, Views 2025-04-11 2.1 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.
CVE-2010-1362 2 Ben Jeavons, Drupal 2 Ownterm, Drupal 2025-04-11 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page.
CVE-2012-4486 2 Boombatower, Drupal 2 Subuser, Drupal 2025-04-11 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors.
CVE-2012-3798 2 Bryce Hamrick, Drupal 2 Janrain Capture, Drupal 2025-04-11 5.0 MEDIUM N/A
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks.
CVE-2012-1658 2 Drupal, Fourkitchens 2 Drupal, Ed Readmore 2025-04-11 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors.