Filtered by vendor Drupal
Subscribe
Total
823 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1907 | 2 Acquia, Drupal | 3 Commons, Commons Group, Drupal | 2017-08-28 | 5.0 MEDIUM | N/A |
| The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | |||||
| CVE-2013-1905 | 2 Catalin Florian Radut, Drupal | 2 Zeropoint, Drupal | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-1971 | 2 Drupal, Jordan De Laune | 2 Drupal, Mp3 Player | 2017-08-28 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file. | |||||
| CVE-2013-2158 | 2 Drupal, Services Project | 2 Drupal, Services | 2017-08-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2013-1783 | 2 Devsaran, Drupal | 2 Business, Drupal | 2017-08-28 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-1972 | 2 Alexey Sukhotin, Drupal | 2 Elfinder, Drupal | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors. | |||||
| CVE-2013-1393 | 2 Curvycorners, Drupal | 2 Curvycorners, Drupal | 2017-08-28 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2715 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2017-08-28 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name. | |||||
| CVE-2013-1780 | 2 Devsaran, Drupal | 2 Best Responsive, Drupal | 2017-08-28 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. | |||||
| CVE-2012-6573 | 2 Alejandro Garza, Drupal | 2 Apachesolr Autocomplete, Drupal | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results. | |||||
| CVE-2012-6572 | 2 Drupal, Kong | 2 Drupal, Inf08 | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name. | |||||
| CVE-2012-6574 | 2 Drupal, Soprano | 2 Drupal, Fonecta Verify | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-6582 | 2 Drupal, Spambot Module Project | 2 Drupal, Spambot | 2017-08-28 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the watchdog. | |||||
| CVE-2012-6575 | 2 Drupal, Mobile4social | 2 Drupal, Exposed Filter Data | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-6583 | 2 Drupal, Imagemenu Project | 2 Drupal, Imagemenu | 2017-08-28 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name. | |||||
| CVE-2012-5651 | 1 Drupal | 1 Drupal | 2017-08-28 | 5.0 MEDIUM | N/A |
| Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results. | |||||
| CVE-2012-5652 | 1 Drupal | 1 Drupal | 2017-08-28 | 5.0 MEDIUM | N/A |
| Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. | |||||
| CVE-2012-5653 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2017-08-28 | 6.0 MEDIUM | N/A |
| The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name. | |||||
| CVE-2012-5542 | 2 Drupal, Pedro Cambra | 2 Drupal, Commerce Extra Panes | 2017-08-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane via unspecified vectors related to "the link to reorder items." | |||||
| CVE-2013-0181 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2017-08-28 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. | |||||