Filtered by vendor Drupal
Subscribe
Total
823 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-1303 | 2 Drupal, Jim Berry | 2 Drupal, Taxonomy Filter | 2017-08-16 | 2.1 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus. | |||||
CVE-2010-1108 | 2 Drupal, Hashmarkconsulting | 2 Drupal, Controlpanel | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-1107 | 2 Drupal, Fourkitchens | 2 Drupal, Recent Comments | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface." | |||||
CVE-2010-1074 | 2 2bits, Drupal | 2 Currency, Drupal | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging. | |||||
CVE-2010-0752 | 2 Drupal, Earl Dunovant | 2 Drupal, Week | 2017-08-16 | 5.0 MEDIUM | N/A |
The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors. | |||||
CVE-2010-0697 | 2 Drupal, Ilya Ivanchenko | 2 Drupal, Itweak Upload | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file. | |||||
CVE-2010-3022 | 1 Drupal | 1 Devel Module | 2017-08-16 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL. | |||||
CVE-2009-3783 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector. | |||||
CVE-2009-3782 | 2 2bits, Drupal | 2 Userpoints, Drupal | 2017-08-16 | 3.5 LOW | N/A |
Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors. | |||||
CVE-2009-3781 | 2 Drupal, Quicksketch | 2 Drupal, Filefield | 2017-08-16 | 7.5 HIGH | N/A |
The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors. | |||||
CVE-2009-3780 | 2 Ashok Modi, Drupal | 2 Abuse, Drupal | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-3778 | 2 Adam Gerson, Drupal | 2 Moodle Courselist, Drupal | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2009-3779 | 2 Drupal, Stefan Auditor | 2 Drupal, Vcard | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content. | |||||
CVE-2009-3657 | 2 Drupal, Tim Nelson | 2 Drupal, Shared Sign-on | 2017-08-16 | 5.8 MEDIUM | N/A |
Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2009-3656 | 2 Drupal, Tim Nelson | 2 Drupal, Shared Sign-on | 2017-08-16 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. | |||||
CVE-2009-3654 | 2 316solutions, Drupal | 2 Boost, Drupal | 2017-08-16 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors. | |||||
CVE-2009-3653 | 2 Darren Oh, Drupal | 2 Xml Sitemap, Drupal | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output. | |||||
CVE-2009-3652 | 2 Drupal, Moshe Weitzman | 2 Drupal, Organic Groups | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095. | |||||
CVE-2009-3651 | 2 Drupal, Mikeryan | 2 Drupal, Browscap | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
CVE-2009-3650 | 2 David Strauss, Drupal | 2 Dex, Drupal | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |