Filtered by vendor Drupal
Subscriptions
Filtered by product Drupal
Subscriptions
Total
753 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6389 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2010-4520 | 2 Drupal, Earl Miles | 2 Drupal, Views | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title. | ||||
| CVE-2010-4775 | 2 Drupal, Nicholas Thompson | 2 Drupal, Relevant Content | 2025-04-11 | N/A |
| The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships. | ||||
| CVE-2010-4813 | 2 Category Tokens Project, Drupal | 2 Category Tokens, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help. | ||||
| CVE-2010-0697 | 2 Drupal, Ilya Ivanchenko | 2 Drupal, Itweak Upload | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file. | ||||
| CVE-2010-0752 | 2 Drupal, Earl Dunovant | 2 Drupal, Week | 2025-04-11 | N/A |
| The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors. | ||||
| CVE-2010-1358 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-1536 | 2 Drupal, Mearra | 2 Drupal, Addthis | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-1543 | 2 Drupal, Etracker | 2 Drupal, Etracker | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the eTracker module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML by appending a crafted string to an arbitrary URL associated with the Drupal site. | ||||
| CVE-2010-1584 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description. | ||||
| CVE-2012-2153 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page. | ||||
| CVE-2012-2096 | 2 Drupal, Lullabot | 2 Drupal, Fivestar Module For Drupal | 2025-04-11 | N/A |
| The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter. | ||||
| CVE-2011-1066 | 2 Drupal, Reyero | 2 Drupal, Messaging | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2011-1662 | 2 Drupal, Icanlocalize | 2 Drupal, Translation Management | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2907 | 2 Drupal, Ishmael Sanchez | 2 Drupal, Aberdeen | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. | ||||
| CVE-2012-5652 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. | ||||
| CVE-2009-4558 | 2 Drupal, Unleashedmind | 2 Drupal, Img Assist | 2025-04-09 | N/A |
| The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors. | ||||
| CVE-2009-4514 | 2 Astha Bhatnagar, Drupal | 2 Shindigintegrator, Drupal | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6533 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
| CVE-2008-1731 | 2 3281d, Drupal | 2 Simple Access, Drupal | 2025-04-09 | N/A |
| The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking. | ||||