Filtered by vendor Drupal
Subscriptions
Total
887 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6659 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. | ||||
| CVE-2014-8734 | 1 Drupal | 1 Organic Groups Menu | 2025-04-12 | N/A |
| The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors. | ||||
| CVE-2014-8296 | 1 Drupal | 1 Modal Frame | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Modal Frame API module 6.x-1.x before 6.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-8743 | 1 Drupal | 1 Maestro | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name. | ||||
| CVE-2014-5021 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label. | ||||
| CVE-2014-5020 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field. | ||||
| CVE-2014-8076 | 1 Drupal | 1 Professional Theme | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information. | ||||
| CVE-2014-8075 | 1 Drupal | 1 Tribune | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title. | ||||
| CVE-2014-8079 | 1 Drupal | 1 Mayo | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting. | ||||
| CVE-2014-8744 | 1 Drupal | 1 Nivo Slider | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title. | ||||
| CVE-2014-7870 | 1 Drupal | 1 Custom Search Module | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via the "Label text" field to admin/config/search/custom_search/results. | ||||
| CVE-2013-4177 | 2 Drupal, Google Authenticator Login Project | 2 Drupal, Ga Login | 2025-04-12 | N/A |
| The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors. | ||||
| CVE-2014-7978 | 1 Drupal | 1 Bluemasters | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. | ||||
| CVE-2014-7869 | 1 Drupal | 1 Context Form Alteration Module | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer contexts" permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-3233 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2015-2559 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
| Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. | ||||
| CVE-2013-4502 | 2 Drupal, Nathan Haug | 2 Drupal, Filefield Sources | 2025-04-12 | N/A |
| The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file. | ||||
| CVE-2013-4498 | 2 Drupal, Florian Weber | 2 Drupal, Spaces | 2025-04-12 | N/A |
| The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content. | ||||
| CVE-2015-3234 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
| The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers. | ||||
| CVE-2014-7979 | 1 Drupal | 1 Simplecorp | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. | ||||