Filtered by vendor Drupal
Subscriptions
Total
853 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-8747 | 1 Drupal | 1 Commons | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages. | ||||
CVE-2014-9015 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions. | ||||
CVE-2014-8079 | 1 Drupal | 1 Mayo | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting. | ||||
CVE-2015-3234 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers. | ||||
CVE-2015-6658 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files. | ||||
CVE-2014-5020 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field. | ||||
CVE-2015-3233 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
CVE-2016-3163 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method. | ||||
CVE-2016-3162 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files. | ||||
CVE-2016-3167 | 3 Debian, Drupal, Php | 3 Debian Linux, Drupal, Php | 2025-04-12 | N/A |
Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter. | ||||
CVE-2016-3170 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in. | ||||
CVE-2016-3171 | 3 Debian, Drupal, Php | 3 Debian Linux, Drupal, Php | 2025-04-12 | N/A |
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation. | ||||
CVE-2015-6665 | 3 Chaos Tool Suite Project, Drupal, Fedoraproject | 3 Ctools, Drupal, Fedora | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag. | ||||
CVE-2016-7571 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception. | ||||
CVE-2013-4178 | 2 Drupal, Google Authenticator Login Project | 2 Drupal, Ga Login | 2025-04-12 | N/A |
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password (OTP). | ||||
CVE-2014-8748 | 1 Drupal | 1 Doubleclick For Publishers | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name. | ||||
CVE-2014-8746 | 1 Drupal | 1 Skeleton Theme | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. | ||||
CVE-2014-9016 | 3 Debian, Drupal, Secure Password Hashes Project | 3 Debian Linux, Drupal, Secure Passwords Hashes | 2025-04-12 | N/A |
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request. | ||||
CVE-2013-4504 | 2 Drupal, Monster Menus Module Project | 2 Drupal, Monster Menus | 2025-04-12 | N/A |
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. | ||||
CVE-2014-8077 | 1 Drupal | 1 Newsflash | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property. |