Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4354 | 1 Ubercart Webform Integration Project | 1 Ubercart Webform Integration | 2015-06-30 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-4356 | 1 Webform Project | 1 Webform | 2015-06-30 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform. | |||||
CVE-2015-4357 | 1 Webform Project | 1 Webform | 2015-06-30 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title, which is used as the default title of a webform block. | |||||
CVE-2015-4358 | 1 Ubercart Discount Coupons Project | 1 Ubercart Discount Coupons | 2015-06-30 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Ubercart Discount Coupons module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms. | |||||
CVE-2015-4359 | 1 Registration Codes Project | 1 Registration Codes | 2015-06-30 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-4365 | 1 Taxonomy Accordion Project | 1 Taxonomy Accordion | 2015-06-30 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Taxonomy Accordion module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms. | |||||
CVE-2015-4366 | 1 Mover Project | 1 Mover | 2015-06-30 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-4372 | 1 Image Title Project | 1 Image Title | 2015-06-30 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Image Title module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-4346 | 1 Sms Framework Project | 1 Sms Framework | 2015-06-30 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews. | |||||
CVE-2015-4347 | 1 Inlinks Project | 1 Inlinks | 2015-06-30 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the inLinks Integration module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified path arguments. | |||||
CVE-2015-0131 | 1 Ibm | 1 Leads | 2015-06-29 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-4367 | 1 Simple Subscription Project | 1 Simple Subscription | 2015-06-26 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content. | |||||
CVE-2015-4369 | 1 Trick Question Project | 1 Trick Question | 2015-06-26 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Trick Question" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-4370 | 1 Site Documentation Project | 1 Site Documentation | 2015-06-26 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms. | |||||
CVE-2015-4392 | 1 Display Suite Project | 1 Display Suite | 2015-06-26 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings. | |||||
CVE-2015-4388 | 1 Current Search Links Project | 1 Current Search Links | 2015-06-26 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted search query. | |||||
CVE-2015-4387 | 1 Password Policy Project | 1 Password Policy | 2015-06-26 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a crafted username that is imported from an external source. | |||||
CVE-2015-4385 | 1 Imagefield Info Project | 1 Imagefield Info | 2015-06-26 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Imagefield Info module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "Administer image styles" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-4386 | 1 Entitybulkdelete Project | 1 Entitybulkdelete | 2015-06-26 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML via unknown vectors involving creating or editing (1) comments, (2) taxonomy terms, or (3) nodes. | |||||
CVE-2015-4381 | 1 Invoice Project | 1 Invoice | 2015-06-26 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML via unspecified vectors involving nodes of the "Invoice" content type. |