Total
699 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4207 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2009-12-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission. | |||||
CVE-2009-3921 | 2 Drupal, Ezra Barnett Gildesgame | 2 Drupal, Smartqueue Og | 2009-11-09 | 4.0 MEDIUM | N/A |
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages. | |||||
CVE-2009-3784 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2009-10-26 | 6.8 MEDIUM | N/A |
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2009-3350 | 2 Drupal, Roshan Shah | 2 Drupal, Subdomain Manager | 2009-10-11 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors. | |||||
CVE-2009-3568 | 3 Dave Reid, Drupal, Gabor Hojtsy | 3 Commentrss, Drupal, Commentrss | 2009-10-07 | 5.0 MEDIUM | N/A |
Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed. | |||||
CVE-2009-3479 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2009-09-30 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title. | |||||
CVE-2009-3437 | 2 Drupal, Henriksjokvist | 2 Drupal, Markdown Preview | 2009-09-29 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input." | |||||
CVE-2009-3353 | 2 Drupal, Steve Lockwood | 2 Drupal, Node2node | 2009-09-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors. | |||||
CVE-2009-3351 | 2 Drupal, Kristy Frey | 2 Drupal, Node Browser Module | 2009-09-24 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors. | |||||
CVE-2009-3354 | 2 Andrew Sterling Hanenkamp, Drupal | 2 Rest Api Module, Drupal | 2009-09-24 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors. | |||||
CVE-2009-3157 | 2 Drupal, Karen Stevenson | 2 Drupal, Calendar | 2009-09-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type. | |||||
CVE-2009-2610 | 2 Drupal, Scott Courtney | 2 Drupal, Links Package | 2009-07-27 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field. | |||||
CVE-2009-2373 | 1 Drupal | 1 Drupal | 2009-07-08 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-2370 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2009-07-08 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-2371 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2009-07-08 | 6.5 MEDIUM | N/A |
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature. | |||||
CVE-2009-2291 | 2 Chad Phillips, Drupal | 2 Logintoboggan, Drupal | 2009-07-01 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2009-2076 | 1 Drupal | 2 Drupal, Views | 2009-06-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions. | |||||
CVE-2008-6835 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2009-06-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-6836 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2009-06-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors. | |||||
CVE-2009-2075 | 2 Angrydonuts, Drupal | 2 Nodequeue, Drupal | 2009-06-18 | 7.5 HIGH | N/A |
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors. |