Total
699 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6388 | 1 Drupal | 1 Drupal | 2014-01-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. | |||||
| CVE-2013-6389 | 1 Drupal | 1 Drupal | 2014-01-03 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2012-2153 | 1 Drupal | 1 Drupal | 2013-12-12 | 4.0 MEDIUM | N/A |
| Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page. | |||||
| CVE-2012-1590 | 1 Drupal | 1 Drupal | 2013-12-12 | 4.0 MEDIUM | N/A |
| The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page. | |||||
| CVE-2012-1589 | 1 Drupal | 1 Drupal | 2013-12-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL. | |||||
| CVE-2012-1591 | 1 Drupal | 1 Drupal | 2013-12-12 | 5.0 MEDIUM | N/A |
| The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles. | |||||
| CVE-2012-1588 | 1 Drupal | 1 Drupal | 2013-12-12 | 3.5 LOW | N/A |
| Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address. | |||||
| CVE-2013-4446 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2013-12-09 | 6.8 MEDIUM | N/A |
| The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection. | |||||
| CVE-2013-4445 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2013-12-09 | 4.9 MEDIUM | N/A |
| The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access. | |||||
| CVE-2012-0827 | 1 Drupal | 1 Drupal | 2013-10-29 | 3.5 LOW | N/A |
| The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors. | |||||
| CVE-2012-6576 | 2 Antti Alamki, Drupal | 2 Prh Search, Drupal | 2013-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4379 | 2 Drupal, Sebastien Corbin | 2 Drupal, Make Meeting Scheduler Module | 2013-10-10 | 6.4 MEDIUM | N/A |
| The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL. | |||||
| CVE-2013-5964 | 2 Drupal, Joachim Noreiko | 2 Drupal, Flag Module | 2013-10-10 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title. | |||||
| CVE-2013-2123 | 2 Drupal, Node Access User Reference Project | 2 Drupal, Nodeaccess Userreference Module | 2013-10-07 | 5.8 MEDIUM | N/A |
| The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors. | |||||
| CVE-2013-2197 | 2 Drupal, Login Security Project | 2 Drupal, Login Security | 2013-10-07 | 4.3 MEDIUM | N/A |
| The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts. | |||||
| CVE-2013-2247 | 2 Drupal, Fast Permissions Administration Project | 2 Drupal, Fast Permission Administration | 2013-10-07 | 7.5 HIGH | N/A |
| The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form. | |||||
| CVE-2013-4138 | 2 Alienwp, Drupal | 2 Hatch, Drupal | 2013-09-18 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4272 | 2 Botcha Spam Prevention Project, Drupal | 2 Botcha, Drupal | 2013-09-05 | 4.3 MEDIUM | N/A |
| The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file. | |||||
| CVE-2013-4274 | 2 Drupal, Erikwebb | 2 Drupal, Password Policy | 2013-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page. | |||||
| CVE-2013-4139 | 2 Drupal, Stage File Proxy Project | 2 Drupal, Stage File Proxy | 2013-08-29 | 5.0 MEDIUM | N/A |
| The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests. | |||||