Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Drupal Subscribe
Total 823 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-2730 2 Alexis Wilke, Drupal 2 Protected Node, Drupal 2017-08-28 7.5 HIGH N/A
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions.
CVE-2012-1649 2 Danielb, Drupal 2 Cool Aid, Drupal 2017-08-28 4.9 MEDIUM N/A
Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors.
CVE-2012-1640 2 Alquimia, Drupal 2 Managesite, Drupal 2017-08-28 2.1 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with "administer managesite" permissions to inject arbitrary web script or HTML via the title parameter when (1) adding or (2) updating a category.
CVE-2012-2074 2 Drupal, Ubercart Views Project 2 Drupal, Uc Views 2017-08-28 5.0 MEDIUM N/A
Unspecified vulnerability in certain default views in the Ubercart Views module 6.x before 6.x-3.2 for Drupal allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2012-2726 2 Alberto Trujillo Gonzalez, Drupal 2 Protest, Drupal 2017-08-28 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter.
CVE-2012-2727 2 Bryce Hamrick, Drupal 2 Janrain Capture, Drupal 2017-08-28 5.8 MEDIUM N/A
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
CVE-2012-1644 2 Drupal, Gizra 2 Drupal, Og Vocab 2017-08-28 2.1 LOW N/A
The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors.
CVE-2012-2728 2 Drupal, Ronan Dowling 2 Drupal, Node Hierarchy 2017-08-28 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action.
CVE-2012-1629 2 Dmitry Loac, Drupal 2 Taxotouch, Drupal 2017-08-28 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2907 2 Drupal, Ishmael Sanchez 2 Drupal, Aberdeen 2017-08-28 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.
CVE-2012-2922 1 Drupal 1 Drupal 2017-08-28 5.0 MEDIUM N/A
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
CVE-2012-2718 2 Drupal, Drupal-id 2 Drupal, Counter Module 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits."
CVE-2012-2717 2 Drupal, Mathew Winstone 2 Drupal, Mobile Tools 2017-08-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options.
CVE-2012-2720 2 Adam Ross, Drupal 2 Tokenauth, Drupal 2017-08-28 5.0 MEDIUM N/A
The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges.
CVE-2012-2721 2 Drupal, Moshe Weitzman 2 Drupal, Organic Groups 2017-08-28 6.8 MEDIUM N/A
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
CVE-2012-2715 2 Drupal, Jason Moore 2 Drupal, Amadou 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links.
CVE-2012-2716 2 David Stosik, Drupal 2 Comment Moderation, Drupal 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments.
CVE-2012-2711 2 Drupal, Nancy Wichmann 2 Drupal, Taxonomy List 2017-08-28 2.1 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information.
CVE-2012-2722 2 Drupal, Scott Reynen 2 Drupal, Node Embed 2017-08-28 4.3 MEDIUM N/A
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.
CVE-2012-1056 2 Drupal, Sean Robertson 2 Drupal, Forward 2017-08-28 5.0 MEDIUM N/A
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.