Filtered by vendor Drupal
Subscribe
Total
823 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3648 | 2 Apsivam, Drupal | 2 Service Links, Drupal | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names. | |||||
CVE-2009-3488 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2017-08-16 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479. | |||||
CVE-2009-3442 | 2 Ariel Barreiro, Drupal | 2 Meta Tags, Drupal | 2017-08-16 | 5.0 MEDIUM | N/A |
The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2009-3435 | 2 Drupal, Moshe Weitzman | 2 Drupal, Devel | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name. | |||||
CVE-2009-3363 | 2 Drupal, Ufku Bayburt | 2 Drupal, Bueditor | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor." | |||||
CVE-2009-3210 | 2 Drupal, Joao Ventura | 2 Drupal, Print | 2017-08-16 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-3207 | 2 Drewish, Drupal | 2 Imagecache, Drupal | 2017-08-16 | 6.8 MEDIUM | N/A |
The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename. | |||||
CVE-2009-3206 | 2 Drewish, Drupal | 2 Imagecache, Drupal | 2017-08-16 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-3156 | 2 Drupal, Karen Stevenson | 2 Drupal, Date | 2017-08-16 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field. | |||||
CVE-2009-3122 | 2 Chris Shattuck, Drupal | 2 Ajaxtable, Drupal | 2017-08-16 | 6.4 MEDIUM | N/A |
The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors. | |||||
CVE-2009-3121 | 2 Chris Shattuck, Drupal | 2 Ajaxtable, Drupal | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-4773 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2017-08-16 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2009-4772 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2017-08-16 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors. | |||||
CVE-2009-4771 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2017-08-16 | 5.0 MEDIUM | N/A |
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors. | |||||
CVE-2009-4559 | 2 Drupal, Nanwich | 2 Drupal, Submitted By | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via an input string for "submitted by" text. | |||||
CVE-2009-4558 | 2 Drupal, Unleashedmind | 2 Drupal, Img Assist | 2017-08-16 | 5.0 MEDIUM | N/A |
The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors. | |||||
CVE-2009-4557 | 2 Drupal, Unleashedmind | 2 Drupal, Img Assist | 2017-08-16 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, to inject arbitrary web script or HTML via a node title. | |||||
CVE-2009-4533 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2017-08-16 | 5.0 MEDIUM | N/A |
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors. | |||||
CVE-2009-4532 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label. | |||||
CVE-2009-4528 | 2 Drupal, Moshe Weitzman | 2 Drupal, Og Vocab | 2017-08-16 | 6.5 MEDIUM | N/A |
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors. |