Total
721 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-0258 | 2 Drupal, Google Authenticator Login Project | 2 Drupal, Ga Login | 2025-04-11 | 6.8 MEDIUM | N/A |
The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username. | |||||
CVE-2013-5964 | 2 Drupal, Joachim Noreiko | 2 Drupal, Flag Module | 2025-04-11 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title. | |||||
CVE-2012-5590 | 2 Drupal, Scripthead | 2 Drupal, Webmail Plus | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-0206 | 2 Drupal, Guy Bedford | 2 Drupal, Live Css | 2025-04-11 | 6.0 MEDIUM | N/A |
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
CVE-2013-2123 | 2 Drupal, Node Access User Reference Project | 2 Drupal, Nodeaccess Userreference Module | 2025-04-11 | 5.8 MEDIUM | N/A |
The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors. | |||||
CVE-2012-5652 | 1 Drupal | 1 Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. | |||||
CVE-2013-2122 | 2 Drupal, Quade | 2 Drupal, Edit Limit | 2025-04-11 | 5.0 MEDIUM | N/A |
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors. | |||||
CVE-2012-2084 | 2 Drupal, Joao Ventura | 2 Drupal, Print | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_INFO. | |||||
CVE-2012-6583 | 2 Drupal, Imagemenu Project | 2 Drupal, Imagemenu | 2025-04-11 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name. | |||||
CVE-2012-2068 | 2 Drupal, Tiger-fish | 2 Drupal, Fancy Slide | 2025-04-11 | 2.1 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter. | |||||
CVE-2012-2716 | 2 David Stosik, Drupal | 2 Comment Moderation, Drupal | 2025-04-11 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments. | |||||
CVE-2009-4773 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-11 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2012-2703 | 2 Drupal, John Franklin | 2 Drupal, Advertisement | 2025-04-11 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php." | |||||
CVE-2012-1652 | 3 Drupal, Wim Leers, Wimleers | 3 Drupal, Hierarchical Select, Hierarchical Select | 2025-04-11 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text." | |||||
CVE-2012-4479 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-1907 | 2 Acquia, Drupal | 3 Commons, Commons Group, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | |||||
CVE-2010-2724 | 2 Drupal, Wimleers | 2 Drupal, Hierarchical Select | 2025-04-11 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form. | |||||
CVE-2012-1660 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2025-04-11 | 2.1 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios. | |||||
CVE-2013-2036 | 2 Drupal, Yoran Brault | 2 Drupal, Filebrowser | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "lists of files." | |||||
CVE-2007-6752 | 1 Drupal | 1 Drupal | 2025-04-11 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off. |