Total
699 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-2125 | 2 Drupal, Systemseed | 2 Drupal, Rotor | 2017-08-16 | 2.1 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute. | |||||
CVE-2010-2048 | 2 Drupal, Menhir | 2 Drupal, Heartbeat | 2017-08-16 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-2030 | 2 Alan Palazzolo, Drupal | 2 External Link Page, Drupal | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the External Link Page module 5.x before 5.x-1.0 and 6.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the administration and redirect pages. | |||||
CVE-2010-2021 | 2 Drupal, Nicholasthompson | 2 Drupal, Global Redirect | 2017-08-16 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the Global Redirect module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, when non-clean to clean is enabled, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter. | |||||
CVE-2010-1998 | 2 Drupal, Kevinhankens | 2 Drupal, Tablefield | 2017-08-16 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers. | |||||
CVE-2010-1984 | 2 Drupal, Michael Nichols | 2 Drupal, Taxonomy Breadcrumb | 2017-08-16 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display. | |||||
CVE-2010-1976 | 2 Drupal, Michael Nichols | 2 Drupal, Taxonomy Breadcrumb | 2017-08-16 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display. | |||||
CVE-2010-1958 | 2 Drupal, Quicksketch | 2 Drupal, Filefield | 2017-08-16 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter). | |||||
CVE-2010-1584 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2017-08-16 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description. | |||||
CVE-2010-1539 | 2 Drupal, John Vandyk | 2 Drupal, Workflow | 2017-08-16 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field. | |||||
CVE-2010-1543 | 2 Drupal, Etracker | 2 Drupal, Etracker | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the eTracker module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML by appending a crafted string to an arbitrary URL associated with the Drupal site. | |||||
CVE-2010-1303 | 2 Drupal, Jim Berry | 2 Drupal, Taxonomy Filter | 2017-08-16 | 2.1 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus. | |||||
CVE-2010-1108 | 2 Drupal, Hashmarkconsulting | 2 Drupal, Controlpanel | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-1107 | 2 Drupal, Fourkitchens | 2 Drupal, Recent Comments | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface." | |||||
CVE-2010-1074 | 2 2bits, Drupal | 2 Currency, Drupal | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging. | |||||
CVE-2010-0752 | 2 Drupal, Earl Dunovant | 2 Drupal, Week | 2017-08-16 | 5.0 MEDIUM | N/A |
The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors. | |||||
CVE-2010-0697 | 2 Drupal, Ilya Ivanchenko | 2 Drupal, Itweak Upload | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file. | |||||
CVE-2010-3423 | 2 Drupal, Freka | 2 Drupal, Yr Verdata | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method. | |||||
CVE-2009-4773 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2017-08-16 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2009-4772 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2017-08-16 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors. |