Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Drupal Subscribe
Filtered by product Drupal
Total 699 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4990 2 Drupal, Jrbcs 2 Drupal, Webform Report 2010-08-25 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission.
CVE-2010-2158 2 Drupal, Speedtech 2 Drupal, Storm 2010-06-07 2.1 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2002 3 Addison Berry, Drupal, Jeff Warrington 3 Wordfilter, Drupal, Wordfilter 2010-05-20 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list.
CVE-2010-2001 2 Drupal, Ninjitsuweb 2 Drupal, Civiregister 2010-05-20 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2010-2000 2 Drupal, Ron Jerome 2 Drupal, Bibliography 2010-05-20 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358.
CVE-2009-4829 3 Drupal, James Glasgow, John Vandervort 3 Drupal, Autologout, Autologout 2010-04-27 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1536 2 Drupal, Mearra 2 Drupal, Addthis 2010-04-27 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1530 2 Drupal, Reyero 2 Drupal, I18n 2010-04-26 2.1 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.
CVE-2010-1362 2 Ben Jeavons, Drupal 2 Ownterm, Drupal 2010-04-14 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page.
CVE-2010-1358 2 Drupal, Ron Jerome 2 Drupal, Bibliography 2010-04-13 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4602 1 Drupal 2 Drupal, Randomizer 2010-01-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4514 2 Astha Bhatnagar, Drupal 2 Shindigintegrator, Drupal 2010-01-10 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4515 2 Drupal, Speedtech 2 Drupal, Storm 2010-01-08 5.0 MEDIUM N/A
The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
CVE-2009-4517 2 Drupal, Nanwich 2 Drupal, Faq Ask 2010-01-08 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content.
CVE-2009-4516 2 Drupal, Nanwich 2 Drupal, Faq Ask 2010-01-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4518 2 Drupal, Mark Burton 2 Drupal, Insertnode 2010-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node.
CVE-2009-4520 2 Drupal, Kristof De Jaeger 2 Drupal, Commentreference 2010-01-05 5.0 MEDIUM N/A
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.
CVE-2009-4526 2 Drupal, Joao Ventura 2 Drupal, Print 2010-01-04 5.0 MEDIUM N/A
The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form.
CVE-2009-4534 2 Drupal, Nanwich 2 Drupal, Faq Ask 2010-01-03 4.3 MEDIUM N/A
Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2009-4296 2 Brian Miller, Drupal 2 Taxonomy Timer, Drupal 2009-12-13 7.5 HIGH N/A
SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.