Filtered by vendor Drupal
Subscriptions
Total
853 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1475 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. | ||||
| CVE-2014-1476 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page. | ||||
| CVE-2013-7067 | 2 Drupal, Mike Stefanello | 2 Drupal, Og Features | 2025-04-11 | N/A |
| The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request. | ||||
| CVE-2012-4476 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0205 | 2 Drupal, Restful Web Services Project | 2 Drupal, Restful Web Services | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. | ||||
| CVE-2012-1626 | 2 Drupal, Karen Stevenson | 2 Drupal, Date | 2025-04-11 | N/A |
| SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-0227 | 2 Drupal, Mathijs Koenraadt | 2 Drupal, Search Api Sorts | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels. | ||||
| CVE-2012-4477 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2025-04-11 | N/A |
| Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors. | ||||
| CVE-2013-0258 | 2 Drupal, Google Authenticator Login Project | 2 Drupal, Ga Login | 2025-04-11 | N/A |
| The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username. | ||||
| CVE-2012-1635 | 2 Drupal, Rik De Boer | 2 Drupal, Revisioning | 2025-04-11 | N/A |
| The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content. | ||||
| CVE-2013-0259 | 2 Boxes Project, Drupal | 2 Boxes, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter. | ||||
| CVE-2012-4482 | 2 Drupal, Longwaveconsulting | 2 Drupal, Ubercart Securetrading Payment Method Module | 2025-04-11 | N/A |
| The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors. | ||||
| CVE-2012-1591 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles. | ||||
| CVE-2012-1651 | 2 Drupal, Thinkleft | 2 Drupal, Submenu Tree | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0317 | 2 Drupal, Joe Haskins | 2 Drupal, Og Manager Change | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field. | ||||
| CVE-2012-4483 | 2 Acquia, Drupal | 2 Commons, Drupal | 2025-04-11 | N/A |
| The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing. | ||||
| CVE-2013-0318 | 2 Banckle Chat Project, Drupal | 2 Banckle Chat, Drupal | 2025-04-11 | N/A |
| The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors. | ||||
| CVE-2012-1659 | 2 Ariel Barreiro, Drupal | 2 Noderecommendation, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0319 | 2 Drupal, Yandex.metrics Project | 2 Drupal, Yandex Metrics | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data. | ||||
| CVE-2012-4474 | 2 Colorbox Node, Drupal | 2 Dennis Blake, Drupal | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||