Filtered by vendor Drupal
Subscriptions
Total
844 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1659 | 2 Ariel Barreiro, Drupal | 2 Noderecommendation, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-1660 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios. | ||||
| CVE-2012-3799 | 2 Blaine Lang, Drupal | 2 Maestro, Drupal | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences. | ||||
| CVE-2012-2922 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message. | ||||
| CVE-2012-2059 | 2 Drupal, Steve Lockwood | 2 Drupal, Ticketyboo News Ticker | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2060 | 2 Drupal, Nijskens Raf | 2 Drupal, Admintools | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-3800 | 2 Drupal, Moshe Weitzman | 2 Drupal, Organic Groups | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title. | ||||
| CVE-2012-2062 | 2 Drupal, Sami Kiminki | 2 Drupal, Redirecting Click Bouncer | 2025-04-11 | N/A |
| Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2012-2063 | 2 Brian Altenhofel, Drupal | 2 Slidebox, Drupal | 2025-04-11 | N/A |
| The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2012-2064 | 2 Drupal, Mark Theunissen | 2 Drupal, Views Lang Switch | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2012-4470 | 2 Drupal, Philip Ludlam | 2 Drupal, Listhandler | 2025-04-11 | N/A |
| The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact. | ||||
| CVE-2012-2066 | 2 Ckeditor, Drupal | 3 Ckeditor, Fckeditor, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2068 | 2 Drupal, Tiger-fish | 2 Drupal, Fancy Slide | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter. | ||||
| CVE-2012-2069 | 2 Drupal, Mclewin | 2 Drupal, Wishlist | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters. | ||||
| CVE-2012-2070 | 2 Andrew Levine, Drupal | 2 Multiblock, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title. | ||||
| CVE-2012-2071 | 2 Drupal, Geoff Davies | 2 Drupal, Contact Forms | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2072 | 2 Drupal, Patrick Przybilla | 2 Drupal, Addtoany | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2073 | 2 Drupal, Kristof De Jaeger | 2 Drupal, Bundle Copy | 2025-04-11 | N/A |
| The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors. | ||||
| CVE-2012-4482 | 2 Drupal, Longwaveconsulting | 2 Drupal, Ubercart Securetrading Payment Method Module | 2025-04-11 | N/A |
| The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors. | ||||
| CVE-2012-2727 | 2 Bryce Hamrick, Drupal | 2 Janrain Capture, Drupal | 2025-04-11 | N/A |
| Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | ||||