Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Drupal Subscribe
Total 823 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4207 2 Drupal, Nathan Haug 2 Drupal, Webform 2009-12-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission.
CVE-2009-3921 2 Drupal, Ezra Barnett Gildesgame 2 Drupal, Smartqueue Og 2009-11-09 4.0 MEDIUM N/A
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.
CVE-2009-3784 2 Drupal, Sjoerd Arendsen 2 Drupal, Simplenews Statistics 2009-10-26 6.8 MEDIUM N/A
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2009-3350 2 Drupal, Roshan Shah 2 Drupal, Subdomain Manager 2009-10-11 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.
CVE-2009-3568 3 Dave Reid, Drupal, Gabor Hojtsy 3 Commentrss, Drupal, Commentrss 2009-10-07 5.0 MEDIUM N/A
Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed.
CVE-2009-3479 2 Drupal, Ron Jerome 2 Drupal, Bibliography 2009-09-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.
CVE-2009-3437 2 Drupal, Henriksjokvist 2 Drupal, Markdown Preview 2009-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input."
CVE-2009-3353 2 Drupal, Steve Lockwood 2 Drupal, Node2node 2009-09-28 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.
CVE-2009-3351 2 Drupal, Kristy Frey 2 Drupal, Node Browser Module 2009-09-24 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.
CVE-2009-3354 2 Andrew Sterling Hanenkamp, Drupal 2 Rest Api Module, Drupal 2009-09-24 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.
CVE-2009-3157 2 Drupal, Karen Stevenson 2 Drupal, Calendar 2009-09-10 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.
CVE-2009-2610 2 Drupal, Scott Courtney 2 Drupal, Links Package 2009-07-27 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field.
CVE-2009-2370 2 Drupal, Michelle Cox 2 Drupal, Advanced Forum 2009-07-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2373 1 Drupal 1 Drupal 2009-07-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2371 2 Drupal, Michelle Cox 2 Drupal, Advanced Forum 2009-07-08 6.5 MEDIUM N/A
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
CVE-2009-2291 2 Chad Phillips, Drupal 2 Logintoboggan, Drupal 2009-07-01 6.8 MEDIUM N/A
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.
CVE-2009-2076 1 Drupal 2 Drupal, Views 2009-06-28 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions.
CVE-2008-6836 2 Drupal, Peter Wolanin 2 Drupal, Openid 2009-06-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.
CVE-2008-6835 2 Drupal, Peter Wolanin 2 Drupal, Openid 2009-06-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2075 2 Angrydonuts, Drupal 2 Nodequeue, Drupal 2009-06-18 7.5 HIGH N/A
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors.