IDCVSSSummaryLast (major) updatePublished
CVE-2010-1074 4.3
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging.
17-08-2017 - 01:32 23-03-2010 - 18:30
CVE-2009-3782 3.5
Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors.
17-08-2017 - 01:31 26-10-2009 - 17:30
CVE-2009-3654 6.4
Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors.
17-08-2017 - 01:31 09-10-2009 - 14:30
CVE-2008-1731 7.5
The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances
08-08-2017 - 01:30 11-04-2008 - 19:05
CVE-2012-1628 3.5
Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:31 20-09-2012 - 03:46
CVE-2013-1907 5.0
The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.
29-08-2017 - 01:33 16-07-2013 - 18:55
CVE-2013-1908 5.0
The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.
17-07-2013 - 04:00 16-07-2013 - 18:55
CVE-2012-4483 5.0
The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions
13-11-2012 - 05:00 31-10-2012 - 16:55
CVE-2009-3778 7.5
SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
17-08-2017 - 01:31 26-10-2009 - 17:30
CVE-2012-2720 5.0
The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges.
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-2729 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry.
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2013-5965 5.0
The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing.
05-05-2014 - 05:28 30-09-2013 - 21:55
CVE-2010-2002 2.1
Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word
21-05-2010 - 04:00 20-05-2010 - 17:30
CVE-2012-1623 5.0
The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions.
08-10-2012 - 04:00 06-10-2012 - 21:55
CVE-2010-2030 4.3
Cross-site scripting (XSS) vulnerability in the External Link Page module 5.x before 5.x-1.0 and 6.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the administration and redirect pages
17-08-2017 - 01:32 24-05-2010 - 19:30
CVE-2012-2726 2.1
Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the prote
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-6573 4.3
Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
29-08-2017 - 01:32 25-06-2013 - 18:55
CVE-2012-1654 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or H
20-12-2012 - 05:00 18-09-2012 - 20:55
CVE-2009-4119 4.3
Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
17-08-2017 - 01:31 01-12-2009 - 00:30
CVE-2009-4429 3.5
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (ak
17-08-2017 - 01:31 28-12-2009 - 19:00
CVE-2013-1972 4.3
Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete
29-08-2017 - 01:33 24-06-2013 - 16:55
CVE-2012-2730 7.5
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions.
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2013-4138 2.1
Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web
19-09-2013 - 01:10 28-08-2013 - 22:55
CVE-2012-1640 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with "administer managesite" permissions to inject arbitrary web script or HTML via the title parameter wh
29-08-2017 - 01:31 19-09-2012 - 21:55
CVE-2012-2070 2.1
Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the bloc
29-08-2017 - 01:31 14-08-2012 - 23:55
CVE-2009-3354 10.0
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.
24-09-2009 - 16:30 24-09-2009 - 16:30
CVE-2009-2075 7.5
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors.
19-06-2009 - 04:00 16-06-2009 - 19:30
CVE-2009-2077 4.0
Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private conte
19-06-2009 - 04:00 16-06-2009 - 19:30
CVE-2009-4062 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
17-08-2017 - 01:31 24-11-2009 - 02:30
CVE-2014-1611 4.3
Cross-site scripting (XSS) vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field.
29-08-2017 - 01:34 30-01-2014 - 18:55
CVE-2012-2707 5.8
The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes.
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-2708 2.1
Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-6576 4.3
Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors.
11-10-2013 - 18:11 27-06-2013 - 20:55
CVE-2009-3648 3.5
Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying con
17-08-2017 - 01:31 09-10-2009 - 14:30
CVE-2009-3442 5.0
The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified vectors.
17-08-2017 - 01:31 28-09-2009 - 22:30
CVE-2012-1659 2.1
Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:31 18-09-2012 - 20:55
CVE-2009-3780 4.3
Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
17-08-2017 - 01:31 26-10-2009 - 17:30
CVE-2009-4514 3.5
Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via
11-01-2010 - 05:00 31-12-2009 - 19:30
CVE-2012-2725 3.5
classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions an
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2013-0318 10.0
The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors.
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2013-0182 5.0
The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments.
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2012-5569 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message.
15-04-2021 - 16:15 03-12-2012 - 21:55
CVE-2010-1362 2.1
Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML via the term description field in a term listing p
14-04-2010 - 13:59 13-04-2010 - 18:30
CVE-2008-7150 4.3
Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which is not properly handled by refine_by_taxo when displayin
17-08-2017 - 01:29 01-09-2009 - 16:30
CVE-2012-2719 5.1
The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involvi
27-06-2012 - 16:51 27-06-2012 - 00:55
CVE-2012-2723 2.6
Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-3799 5.1
Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site s
29-08-2017 - 01:32 27-06-2012 - 00:55
CVE-2012-4487 4.0
The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created.
05-11-2012 - 14:38 02-11-2012 - 15:55
CVE-2012-4486 6.8
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors.
06-11-2012 - 05:00 02-11-2012 - 15:55
CVE-2013-4272 4.3
The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain se
05-09-2013 - 15:41 28-08-2013 - 22:55
CVE-2013-0259 2.1
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.
03-07-2013 - 04:29 27-03-2013 - 21:55
CVE-2012-2063 5.0
The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors.
29-08-2017 - 01:31 05-09-2012 - 00:55
CVE-2009-4296 7.5
SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
14-12-2009 - 05:00 11-12-2009 - 19:30
CVE-2012-2713 6.8
Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site.
27-01-2020 - 16:24 27-06-2012 - 00:55
CVE-2009-4044 7.5
The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors.
17-08-2017 - 01:31 20-11-2009 - 19:30
CVE-2012-2727 5.8
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination paramet
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-3798 5.0
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks.
27-06-2012 - 04:00 27-06-2012 - 00:55
CVE-2012-5548 4.3
Cross-site scripting (XSS) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
04-12-2012 - 05:00 03-12-2012 - 21:55
CVE-2012-5550 7.5
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
04-12-2012 - 18:39 03-12-2012 - 21:55
CVE-2012-5549 6.8
Cross-site request forgery (CSRF) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
04-12-2012 - 18:38 03-12-2012 - 21:55
CVE-2012-5591 4.3
Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the path aliases.
27-12-2012 - 05:00 26-12-2012 - 17:55
CVE-2013-1905 4.3
Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:33 20-06-2013 - 23:55
CVE-2010-4813 3.5
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names
29-08-2017 - 01:29 08-07-2011 - 22:55
CVE-2009-2291 6.8
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.
01-07-2009 - 13:00 01-07-2009 - 13:00
CVE-2009-3922 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete t
17-08-2017 - 01:31 09-11-2009 - 17:30
CVE-2013-1859 6.4
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors.
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2009-3122 6.4
The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors.
17-08-2017 - 01:31 09-09-2009 - 22:30
CVE-2009-3121 4.3
Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
17-08-2017 - 01:31 09-09-2009 - 22:30
CVE-2012-4473 3.5
The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished nodes via a direct request.
30-01-2013 - 04:54 30-11-2012 - 22:55
CVE-2012-2705 2.1
The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-2066 4.3
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web
29-08-2017 - 01:31 05-09-2012 - 00:55
CVE-2012-2067 6.8
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers t
29-08-2017 - 01:31 05-09-2012 - 00:55
CVE-2013-5937 6.8
Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors involving the Drupal Fo
29-08-2017 - 01:33 25-09-2013 - 14:55
CVE-2013-5938 4.3
Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form.
29-08-2017 - 01:33 25-09-2013 - 14:55
CVE-2012-5554 5.0
The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms.
04-12-2012 - 05:00 03-12-2012 - 21:55
CVE-2012-1653 3.5
Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages."
29-08-2017 - 01:31 19-09-2012 - 19:55
CVE-2012-4474 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
30-01-2013 - 04:54 30-11-2012 - 22:55
CVE-2012-1639 3.5
Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parame
29-08-2017 - 01:31 01-10-2012 - 20:55
CVE-2012-2116 6.8
Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart.
04-09-2012 - 04:00 31-08-2012 - 22:55
CVE-2012-2297 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) c
29-08-2017 - 01:31 26-08-2012 - 21:55
CVE-2013-1393 2.1
Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:33 20-06-2013 - 21:55
CVE-2012-6065 4.6
The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerabi
04-12-2012 - 05:00 03-12-2012 - 21:55
CVE-2012-5553 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script
04-12-2012 - 05:00 03-12-2012 - 21:55
CVE-2012-1649 4.9
Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors.
29-08-2017 - 01:31 09-09-2012 - 21:55
CVE-2012-1648 2.1
Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:31 09-09-2012 - 21:55
CVE-2012-1641 6.0
The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finde
29-08-2012 - 04:00 28-08-2012 - 17:55
CVE-2009-3653 3.5
Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via uns
17-08-2017 - 01:31 09-10-2009 - 14:30
CVE-2012-1631 6.8
Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and possibly other actions, via unspecified vectors.
29-08-2017 - 01:31 20-09-2012 - 03:46
CVE-2009-3568 5.0
Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by rea
08-10-2009 - 04:00 06-10-2009 - 20:30
CVE-2012-4476 4.3
Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
03-12-2012 - 05:00 30-11-2012 - 22:55
CVE-2012-4477 5.0
Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors.
03-12-2012 - 05:00 30-11-2012 - 22:55
CVE-2012-4479 7.5
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
03-12-2012 - 19:24 30-11-2012 - 22:55
CVE-2012-4472 5.1
Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension,
30-01-2013 - 04:54 30-11-2012 - 22:55
CVE-2012-4478 6.8
Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators.
03-12-2012 - 19:13 30-11-2012 - 22:55
CVE-2013-0257 5.0
The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields.
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2012-2716 6.8
Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments.
29-08-2017 - 01:31 21-06-2012 - 15:55
CVE-2009-3650 4.3
Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
17-08-2017 - 01:31 09-10-2009 - 14:30
CVE-2013-4383 2.1
Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vecto
04-02-2014 - 20:40 31-01-2014 - 15:07
CVE-2013-1780 2.1
Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons
29-08-2017 - 01:33 27-03-2013 - 21:55
CVE-2013-1783 2.1
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via
29-08-2017 - 01:33 27-03-2013 - 21:55
CVE-2013-1784 2.1
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2013-1786 2.1
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2013-1787 2.1
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vec
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2013-1778 2.1
Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2012-4497 2.1
Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a sli
29-11-2017 - 02:29 02-11-2012 - 15:55
CVE-2013-1779 2.1
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2013-1781 2.1
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2013-1785 2.1
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified v
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2013-1782 2.1
Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons
24-11-2015 - 18:09 27-03-2013 - 21:55
CVE-2013-0323 4.3
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field.
04-04-2013 - 04:00 27-03-2013 - 21:55
CVE-2012-1629 2.1
Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:31 20-09-2012 - 03:46
CVE-2012-1638 6.0
SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors.
21-09-2012 - 04:00 19-09-2012 - 21:55
CVE-2012-4471 5.0
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors.
30-01-2013 - 04:54 30-11-2012 - 22:55
CVE-2009-3206 3.5
Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web sc
17-08-2017 - 01:31 16-09-2009 - 17:30
CVE-2009-3207 6.8
The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images
17-08-2017 - 01:31 16-09-2009 - 17:30
CVE-2012-2718 7.5
SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits."
29-08-2017 - 01:31 21-06-2012 - 15:55
CVE-2008-5999 3.5
Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involvin
08-08-2017 - 01:33 28-01-2009 - 15:30
CVE-2008-5998 6.0
Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a
11-10-2018 - 20:56 28-01-2009 - 15:30
CVE-2008-0462 4.3
Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
08-08-2017 - 01:29 25-01-2008 - 16:00
CVE-2009-1342 4.3
Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form.
20-04-2009 - 14:30 20-04-2009 - 14:30
CVE-2009-1069 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of ca
17-08-2017 - 01:30 26-03-2009 - 05:51
CVE-2009-1036 6.8
Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.
17-08-2017 - 01:30 20-03-2009 - 18:30
CVE-2009-1249 4.3
Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map.
07-04-2009 - 04:00 06-04-2009 - 16:30
CVE-2009-0382 4.3
Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified
02-02-2009 - 19:30 02-02-2009 - 19:30
CVE-2012-0914 4.3
Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privile
29-08-2017 - 01:31 24-01-2012 - 18:55
CVE-2009-0818 3.5
Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" perm
17-08-2017 - 01:30 05-03-2009 - 02:30
CVE-2011-0899 5.0
The AES encryption module 7.x-1.4 for Drupal leaves certain debugging code enabled in release, which records the plaintext password of the last logged-in user and allows remote attackers to gain privileges as that user.
17-08-2017 - 01:33 07-02-2011 - 21:00
CVE-2010-0697 3.5
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HT
17-08-2017 - 01:32 23-02-2010 - 20:30
CVE-2009-1035 4.3
Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS).
17-08-2017 - 01:30 20-03-2009 - 18:30
CVE-2009-1343 4.3
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles.
21-04-2009 - 04:00 20-04-2009 - 14:30
CVE-2010-0752 5.0
The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via
17-08-2017 - 01:32 27-02-2010 - 00:30
CVE-2012-1057 6.0
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for
29-08-2017 - 01:31 14-02-2012 - 00:55
CVE-2012-1056 5.0
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspeci
29-08-2017 - 01:31 14-02-2012 - 00:55
CVE-2013-0205 6.8
Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vector
10-11-2021 - 17:11 19-03-2013 - 14:55
CVE-2010-0370 3.5
Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbit
10-10-2018 - 19:52 21-01-2010 - 22:30
CVE-2011-1066 2.6
Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified v
17-08-2017 - 01:33 23-02-2011 - 01:00
CVE-2009-0817 3.5
Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or
17-08-2017 - 01:30 05-03-2009 - 02:30
CVE-2009-1047 4.3
Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via
01-04-2009 - 05:43 23-03-2009 - 20:00
CVE-2009-1037 5.0
Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors relate
26-03-2009 - 04:00 20-03-2009 - 18:30
CVE-2012-1060 2.1
Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject ar
14-02-2012 - 05:00 14-02-2012 - 00:55
CVE-2009-1344 4.3
Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality.
20-04-2009 - 14:30 20-04-2009 - 14:30
CVE-2009-3353 10.0
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.
29-09-2009 - 04:00 24-09-2009 - 16:30
CVE-2009-3350 10.0
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.
12-10-2009 - 04:00 24-09-2009 - 16:30
CVE-2009-3786 4.3
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title.
17-08-2017 - 01:31 26-10-2009 - 17:30
CVE-2009-3920 5.0
An administration page in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors.
17-08-2017 - 01:31 09-11-2009 - 17:30
CVE-2012-2056 6.8
Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
18-09-2012 - 04:00 17-09-2012 - 20:55
CVE-2009-3652 3.5
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject
17-08-2017 - 01:31 09-10-2009 - 14:30
CVE-2009-3919 4.3
Cross-site scripting (XSS) vulnerability in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information."
17-08-2017 - 01:31 09-11-2009 - 17:30
CVE-2009-1823 2.6
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document
17-08-2017 - 01:30 29-05-2009 - 16:30
CVE-2009-3363 4.3
Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."
17-08-2017 - 01:31 24-09-2009 - 16:30
CVE-2010-1543 4.3
Cross-site scripting (XSS) vulnerability in the eTracker module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML by appending a crafted string to an arbitrary URL associated with the Drupal site.
17-08-2017 - 01:32 26-04-2010 - 19:30
CVE-2009-3656 6.8
Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
17-08-2017 - 01:31 09-10-2009 - 14:30
CVE-2009-1507 7.5
The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended acces
13-05-2009 - 05:28 01-05-2009 - 17:30
CVE-2010-1539 2.1
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain
17-08-2017 - 01:32 26-04-2010 - 19:30
CVE-2009-2078 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page
17-06-2009 - 04:00 16-06-2009 - 19:30
CVE-2010-2125 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary we
17-08-2017 - 01:32 01-06-2010 - 21:30
CVE-2009-3435 4.3
Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name.
17-08-2017 - 01:31 28-09-2009 - 22:30
CVE-2009-2572 6.8
Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes.
17-08-2017 - 01:30 22-07-2009 - 17:30
CVE-2010-1107 3.5
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."
17-08-2017 - 01:32 25-03-2010 - 17:30
CVE-2011-1661 5.0
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.
17-08-2017 - 01:34 10-04-2011 - 02:51
CVE-2009-3479 4.3
Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary we
01-10-2009 - 04:00 30-09-2009 - 15:30
CVE-2009-1505 6.5
SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.
17-08-2017 - 01:30 01-05-2009 - 17:30
CVE-2008-1980 4.3
Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
08-08-2017 - 01:30 27-04-2008 - 20:05
CVE-2010-2158 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, o
08-06-2010 - 04:00 07-06-2010 - 17:12
CVE-2009-3437 4.3
Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input."
30-09-2009 - 04:00 28-09-2009 - 22:30
CVE-2012-2340 3.5
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspec
28-06-2012 - 03:43 21-05-2012 - 20:55
CVE-2009-3915 4.3
Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title fi
17-08-2017 - 01:31 09-11-2009 - 17:30
CVE-2009-3917 4.3
Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element.
17-08-2017 - 01:31 09-11-2009 - 17:30
CVE-2009-4043 4.3
Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title.
17-08-2017 - 01:31 20-11-2009 - 19:30
CVE-2010-1976 2.1
Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrum
17-08-2017 - 01:32 19-05-2010 - 20:00
CVE-2008-1978 3.5
Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector tha
08-08-2017 - 01:30 27-04-2008 - 20:05
CVE-2010-2724 2.1
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspec
17-08-2017 - 01:32 13-07-2010 - 18:30
CVE-2008-1792 4.3
Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
08-08-2017 - 01:30 15-04-2008 - 17:05
CVE-2009-3657 5.8
Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors.
17-08-2017 - 01:31 09-10-2009 - 14:30
CVE-2009-3781 7.5
The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors.
17-08-2017 - 01:31 26-10-2009 - 17:30
CVE-2009-3916 4.3
Cross-site scripting (XSS) vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title.
17-08-2017 - 01:31 09-11-2009 - 17:30
CVE-2009-2237 7.5
Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, prob
17-08-2017 - 01:30 27-06-2009 - 18:47
CVE-2011-1664 6.8
Cross-site request forgery (CSRF) vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
17-08-2017 - 01:34 10-04-2011 - 02:51
CVE-2010-1303 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject
17-08-2017 - 01:32 08-04-2010 - 16:30
CVE-2010-1530 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML vi
27-04-2010 - 04:00 26-04-2010 - 18:30
CVE-2009-2076 3.5
Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view n
29-06-2009 - 04:00 16-06-2009 - 19:30
CVE-2009-4063 4.3
Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles.
17-08-2017 - 01:31 24-11-2009 - 02:30
CVE-2010-1536 2.1
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified v
27-04-2010 - 16:04 26-04-2010 - 19:30
CVE-2010-1998 2.1
Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers.
17-08-2017 - 01:32 20-05-2010 - 17:30
CVE-2009-3351 10.0
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.
24-09-2009 - 16:30 24-09-2009 - 16:30
CVE-2010-2353 5.0
The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and
17-08-2017 - 01:32 21-06-2010 - 19:30
CVE-2009-3785 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.
17-08-2017 - 01:31 26-10-2009 - 17:30
CVE-2009-3918 4.3
Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title.
17-08-2017 - 01:31 09-11-2009 - 17:30
CVE-2009-3156 2.1
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script o
17-08-2017 - 01:31 10-09-2009 - 18:30
CVE-2010-1358 2.1
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via un
14-04-2010 - 04:00 13-04-2010 - 18:30
CVE-2010-1984 2.1
Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the ta
17-08-2017 - 01:32 19-05-2010 - 20:30
CVE-2009-3783 4.3
Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector.
17-08-2017 - 01:31 26-10-2009 - 17:30
CVE-2009-3914 4.3
Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation.
17-08-2017 - 01:31 09-11-2009 - 17:30
CVE-2009-4042 4.3
Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
17-08-2017 - 01:31 20-11-2009 - 19:30
CVE-2009-2079 3.5
Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to
17-06-2009 - 04:00 16-06-2009 - 19:30
CVE-2009-2083 3.5
Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxono
17-06-2009 - 04:00 16-06-2009 - 21:00
CVE-2012-2341 6.8
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files.
29-12-2017 - 02:29 18-05-2012 - 22:55
CVE-2009-2371 6.5
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to
08-07-2009 - 15:30 08-07-2009 - 15:30
CVE-2009-3779 4.3
Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard funct
17-08-2017 - 01:31 26-10-2009 - 17:30
CVE-2009-3784 6.8
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
27-10-2009 - 04:00 26-10-2009 - 17:30
CVE-2009-2074 3.5
Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names.
17-06-2009 - 04:00 16-06-2009 - 19:30
CVE-2009-4061 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
17-08-2017 - 01:31 24-11-2009 - 02:30
CVE-2009-3157 3.5
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.
11-09-2009 - 04:00 10-09-2009 - 18:30
CVE-2009-3651 4.3
Cross-site scripting (XSS) vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
17-08-2017 - 01:31 09-10-2009 - 14:30
CVE-2010-1584 2.1
Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description.
17-08-2017 - 01:32 19-05-2010 - 12:08
CVE-2010-2001 2.6
Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
21-05-2010 - 04:00 20-05-2010 - 17:30
CVE-2010-1108 3.5
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified
17-08-2017 - 01:32 25-03-2010 - 17:30
CVE-2010-2048 3.5
Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
17-08-2017 - 01:32 25-05-2010 - 18:30
CVE-2011-1662 4.3
Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
17-08-2017 - 01:34 10-04-2011 - 02:51
CVE-2009-1501 4.3
Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.
13-05-2009 - 05:28 01-05-2009 - 17:30
CVE-2010-2000 2.1
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via un
21-05-2010 - 04:00 20-05-2010 - 17:30
CVE-2009-2370 4.3
Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
08-07-2009 - 15:30 08-07-2009 - 15:30
CVE-2011-1663 7.5
SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
17-08-2017 - 01:34 10-04-2011 - 02:51
CVE-2009-2610 3.5
Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field.
27-07-2009 - 18:30 27-07-2009 - 18:30
CVE-2010-2352 5.0
The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes.
17-08-2017 - 01:32 21-06-2010 - 19:30
CVE-2012-2907 2.6
Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary
29-08-2017 - 01:31 21-05-2012 - 18:55
CVE-2009-4064 4.3
Cross-site scripting (XSS) vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via node titles.
17-08-2017 - 01:31 24-11-2009 - 02:30
CVE-2009-4065 4.3
Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables.
17-08-2017 - 01:31 24-11-2009 - 02:30
CVE-2010-1958 2.1
Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject ar
17-08-2017 - 01:32 21-06-2010 - 19:30
CVE-2010-2123 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address,
17-08-2017 - 01:32 01-06-2010 - 21:30
CVE-2008-2629 7.5
SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.
29-09-2017 - 01:31 10-06-2008 - 00:32
CVE-2009-3210 3.5
Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via
17-08-2017 - 01:31 16-09-2009 - 17:30
CVE-2009-3921 4.0
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary org
10-11-2009 - 05:00 09-11-2009 - 17:30
CVE-2009-4066 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors r
17-08-2017 - 01:31 24-11-2009 - 02:30
CVE-2009-3488 2.1
Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a di
17-08-2017 - 01:31 30-09-2009 - 15:30
CVE-2012-2339 4.3
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."
29-08-2017 - 01:31 21-05-2012 - 20:55
CVE-2010-3423 7.5
SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method.
17-08-2017 - 01:32 16-09-2010 - 22:00
CVE-2009-4207 4.3
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission.
08-12-2009 - 05:00 04-12-2009 - 19:30
CVE-2009-4771 5.0
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vec
17-08-2017 - 01:31 20-04-2010 - 14:30
CVE-2010-4775 5.0
The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships.
17-08-2017 - 01:33 23-03-2011 - 22:00
CVE-2009-4524 4.3
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
17-08-2017 - 01:31 31-12-2009 - 19:30
CVE-2011-5030 3.5
Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "n
29-08-2017 - 01:30 29-12-2011 - 22:55
CVE-2009-4527 4.6
The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain pr
17-08-2017 - 01:31 31-12-2009 - 19:30
CVE-2009-4528 6.5
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors.
17-08-2017 - 01:31 31-12-2009 - 19:30
CVE-2009-4559 3.5
Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via an input string for "submitted
17-08-2017 - 01:31 04-01-2010 - 21:30
CVE-2009-4513 3.5
Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML
17-08-2017 - 01:31 31-12-2009 - 19:30
CVE-2009-4516 4.3
Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
08-01-2010 - 05:00 31-12-2009 - 19:30
CVE-2009-4532 3.5
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field lab
17-08-2017 - 01:31 31-12-2009 - 19:30
CVE-2008-6020 7.5
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."
08-08-2017 - 01:33 02-02-2009 - 22:00
CVE-2008-6972 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label,"
17-08-2017 - 01:29 13-08-2009 - 16:30
CVE-2008-6910 7.5
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request.
17-08-2017 - 01:29 06-08-2009 - 18:30
CVE-2010-4520 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title.
23-12-2010 - 18:00 23-12-2010 - 18:00
CVE-2008-6383 6.0
SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via uns
17-08-2017 - 01:29 02-03-2009 - 19:30
CVE-2009-4990 4.3
Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission.
25-08-2010 - 20:00 25-08-2010 - 20:00
CVE-2009-4520 5.0
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.
06-01-2010 - 05:00 31-12-2009 - 19:30
CVE-2009-4534 4.3
Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
04-01-2010 - 05:00 31-12-2009 - 19:30
CVE-2009-4557 2.1
Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authentica
17-08-2017 - 01:31 04-01-2010 - 21:30
CVE-2009-4526 5.0
The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titl
04-01-2010 - 19:51 31-12-2009 - 19:30
CVE-2009-4533 5.0
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vector
17-08-2017 - 01:31 31-12-2009 - 19:30
CVE-2008-4633 6.0
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related t
08-08-2017 - 01:32 21-10-2008 - 01:18
CVE-2008-5996 3.5
Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML
08-08-2017 - 01:33 28-01-2009 - 15:30
CVE-2008-6137 7.5
EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors.
17-08-2017 - 01:29 14-02-2009 - 02:30
CVE-2008-6835 4.3
Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
29-06-2009 - 04:00 27-06-2009 - 18:47
CVE-2008-6908 7.5
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.
17-08-2017 - 01:29 06-08-2009 - 17:30
CVE-2009-4525 4.3
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a l
17-08-2017 - 01:31 31-12-2009 - 19:30
CVE-2009-4773 6.8
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown
17-08-2017 - 01:31 20-04-2010 - 14:30
CVE-2009-4517 6.8
Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content.
08-01-2010 - 17:50 31-12-2009 - 19:30
CVE-2009-4772 4.3
Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive in
17-08-2017 - 01:31 20-04-2010 - 14:30
CVE-2010-4519 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests tha
27-12-2010 - 05:00 23-12-2010 - 18:00
CVE-2009-4515 5.0
The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
08-01-2010 - 20:29 31-12-2009 - 19:30
CVE-2009-4518 4.3
Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node.
07-01-2010 - 05:00 31-12-2009 - 19:30
CVE-2010-4521 4.3
Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path.
11-01-2011 - 06:46 23-12-2010 - 18:00
CVE-2008-6135 4.3
Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
17-08-2017 - 01:29 14-02-2009 - 02:30
CVE-2009-4602 4.3
Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13-01-2010 - 05:00 12-01-2010 - 17:30
CVE-2009-4558 5.0
The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pag
17-08-2017 - 01:31 04-01-2010 - 21:30
CVE-2011-4113 7.5
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."
29-08-2017 - 01:30 17-02-2012 - 23:55
CVE-2009-5096 4.3
Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter.
29-08-2017 - 01:29 13-09-2011 - 19:59
CVE-2011-4560 3.5
Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.
29-08-2017 - 01:30 28-11-2011 - 21:55
CVE-2008-7151 6.8
Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code.
17-08-2017 - 01:29 01-09-2009 - 16:30
CVE-2008-4710 4.3
Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
08-08-2017 - 01:32 23-10-2008 - 17:17
CVE-2008-6413 4.3
Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question.
17-08-2017 - 01:29 06-03-2009 - 11:30
CVE-2008-6909 6.5
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers t
17-08-2017 - 01:29 06-08-2009 - 18:30
CVE-2009-4829 2.1
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via un
28-04-2010 - 04:00 27-04-2010 - 15:30
CVE-2008-6134 7.5
SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
17-08-2017 - 01:29 14-02-2009 - 02:30
CVE-2008-6836 6.8
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.
29-06-2009 - 04:00 27-06-2009 - 18:47
CVE-2013-0322 4.3
Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
20-07-2013 - 03:35 27-03-2013 - 21:55
CVE-2013-0325 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2013-0225 2.1
Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary we
21-03-2013 - 04:00 19-03-2013 - 14:55
CVE-2013-0321 4.3
Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
28-03-2013 - 15:28 27-03-2013 - 21:55
CVE-2013-0207 6.8
Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
21-03-2013 - 14:21 19-03-2013 - 14:55
CVE-2013-0317 4.3
Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager aut
04-04-2013 - 04:00 27-03-2013 - 21:55
CVE-2011-0771 6.8
The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a cra
17-08-2017 - 01:33 04-02-2011 - 01:00
CVE-2013-0227 2.1
Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels.
21-03-2013 - 04:00 19-03-2013 - 14:55
CVE-2013-0206 6.0
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an e
21-03-2013 - 09:26 19-03-2013 - 14:55
CVE-2013-0260 2.1
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2013-0320 5.1
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy
28-03-2013 - 04:00 27-03-2013 - 21:55
CVE-2013-0324 2.1
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web sc
04-04-2013 - 04:00 27-03-2013 - 21:55
CVE-2013-0224 4.4
The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file.
21-03-2013 - 04:00 19-03-2013 - 14:55
CVE-2013-0181 2.6
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, w
29-08-2017 - 01:32 27-03-2013 - 21:55
CVE-2013-0258 6.8
The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in
05-04-2013 - 04:00 27-03-2013 - 21:55
CVE-2013-0319 4.3
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.
04-04-2013 - 04:00 27-03-2013 - 21:55
CVE-2012-1645 2.6
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.
29-08-2012 - 04:00 28-08-2012 - 17:55
CVE-2012-2069 6.8
Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting
30-10-2012 - 04:03 06-09-2012 - 17:55
CVE-2012-2117 4.3
Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:31 31-08-2012 - 22:55
CVE-2013-1906 4.3
Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "administer rules" permission to inject arbitrary web script or HTML via a rule tag.
25-06-2013 - 15:12 24-06-2013 - 16:55
CVE-2012-2073 6.0
The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified
29-08-2017 - 01:31 14-08-2012 - 23:55
CVE-2012-2155 6.8
Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
29-08-2017 - 01:31 14-08-2012 - 23:55
CVE-2013-2036 4.3
Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "lists of files."
29-08-2017 - 01:33 24-06-2013 - 16:55
CVE-2012-2704 5.0
The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.ph
29-08-2017 - 01:31 31-08-2012 - 20:55
CVE-2012-2083 4.3
Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.
04-09-2012 - 04:00 31-08-2012 - 22:55
CVE-2012-2068 2.1
Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (
29-08-2017 - 01:31 05-09-2012 - 00:55
CVE-2012-2299 2.1
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.
15-08-2012 - 04:00 14-08-2012 - 22:55
CVE-2012-2306 7.5
SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
11-09-2012 - 04:00 25-07-2012 - 21:55
CVE-2012-2712 2.6
Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to th
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-1633 6.8
Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users for requests that unblock a user.
29-04-2017 - 01:59 20-09-2012 - 00:55
CVE-2012-2072 2.1
Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors
29-08-2017 - 01:31 14-08-2012 - 23:55
CVE-2012-1626 6.0
SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors.
29-08-2017 - 01:31 20-09-2012 - 03:46
CVE-2012-1647 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web
29-08-2017 - 01:31 28-08-2012 - 17:55
CVE-2012-2298 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete ca
29-08-2017 - 01:31 14-08-2012 - 22:55
CVE-2012-1624 3.5
Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content.
29-08-2017 - 01:31 06-10-2012 - 21:55
CVE-2012-2300 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or
15-08-2012 - 18:47 14-08-2012 - 22:55
CVE-2013-1887 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.
28-03-2013 - 04:00 27-03-2013 - 23:55
CVE-2012-1642 5.0
includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensitive information via unspecified vectors.
29-08-2012 - 04:00 28-08-2012 - 17:55
CVE-2012-1650 6.0
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass inte
29-08-2017 - 01:31 28-08-2012 - 17:55
CVE-2012-1657 2.1
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.
29-08-2017 - 01:31 18-09-2012 - 20:55
CVE-2012-2071 2.1
Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary
29-08-2017 - 01:31 14-08-2012 - 23:55
CVE-2012-2304 4.3
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.
29-08-2017 - 01:31 14-08-2012 - 22:55
CVE-2012-2057 6.8
Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors related to formAPI.
29-08-2017 - 01:31 17-09-2012 - 20:55
CVE-2012-1660 2.1
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with t
29-08-2017 - 01:31 18-09-2012 - 20:55
CVE-2013-1946 4.3
The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a
26-02-2020 - 17:20 06-04-2014 - 16:55
CVE-2012-1656 6.8
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field.
29-08-2017 - 01:31 18-09-2012 - 20:55
CVE-2012-2703 2.6
Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2013-2197 4.3
The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts.
07-10-2013 - 17:46 28-08-2013 - 22:55
CVE-2012-2075 2.1
Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:31 14-08-2012 - 23:55
CVE-2012-1644 2.1
The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors.
29-08-2017 - 01:31 28-08-2012 - 17:55
CVE-2012-2058 5.0
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors.
29-08-2017 - 01:31 17-09-2012 - 20:55
CVE-2012-2097 6.8
Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests involving "submitting saved results
29-08-2017 - 01:31 14-08-2012 - 21:55
CVE-2012-2308 3.5
Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:31 25-07-2012 - 21:55
CVE-2012-2722 4.3
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restricti
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-2706 4.3
Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration.
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-2717 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General config
29-08-2017 - 01:31 27-06-2012 - 21:55
CVE-2012-2731 2.6
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a we
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-1635 6.4
The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access r
29-08-2012 - 04:00 28-08-2012 - 17:55
CVE-2012-1658 2.1
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:31 18-09-2012 - 20:55
CVE-2012-2059 4.3
Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:31 17-09-2012 - 20:55
CVE-2013-2158 6.8
Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
29-08-2017 - 01:33 01-07-2013 - 21:55
CVE-2006-4120 5.1
Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. If you do not use the Recipe Module, or use R
20-07-2017 - 01:32 14-08-2006 - 23:04
CVE-2012-2060 4.3
Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:31 17-09-2012 - 20:55
CVE-2012-2081 5.0
The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module.
29-08-2017 - 01:31 14-08-2012 - 23:55
CVE-2013-2129 4.3
Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML v
29-08-2017 - 01:33 24-06-2013 - 16:55
CVE-2012-1634 4.3
Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links.
29-08-2017 - 01:31 06-10-2012 - 21:55
CVE-2009-1738 3.5
Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator it
17-08-2017 - 01:30 20-05-2009 - 19:30
CVE-2012-1625 6.0
Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to exe
20-09-2012 - 18:12 20-09-2012 - 03:46
CVE-2012-1636 4.3
Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors.
02-10-2012 - 04:00 01-10-2012 - 22:55
CVE-2012-1651 3.5
Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
20-09-2012 - 04:00 19-09-2012 - 19:55
CVE-2012-2061 6.8
Cross-site request forgery (CSRF) vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not checking tokens."
29-08-2017 - 01:31 17-09-2012 - 20:55
CVE-2012-2154 4.3
Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:31 14-08-2012 - 23:55
CVE-2012-2296 5.0
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a
29-08-2017 - 01:31 25-07-2012 - 21:55
CVE-2012-2307 6.8
Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
30-07-2012 - 04:00 25-07-2012 - 21:55
CVE-2012-2728 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2013-2123 5.8
The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user
07-10-2013 - 17:48 28-08-2013 - 22:55
CVE-2012-1652 2.1
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related
29-08-2017 - 01:31 19-09-2012 - 19:55
CVE-2012-2721 6.8
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possi
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2013-2177 4.3
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle l
26-06-2013 - 19:23 25-06-2013 - 18:55
CVE-2012-1627 3.5
Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms.
15-10-2012 - 04:00 20-09-2012 - 00:55
CVE-2012-1632 2.1
Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or H
20-09-2012 - 17:51 20-09-2012 - 00:55
CVE-2012-2065 3.5
Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unsp
05-09-2012 - 04:00 05-09-2012 - 00:55
CVE-2012-2077 5.1
Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors "outside of the Form API
29-08-2017 - 01:31 14-08-2012 - 23:55
CVE-2012-2080 6.8
Cross-site request forgery (CSRF) vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitnumber permission for requests that delete limits.
29-08-2017 - 01:31 14-08-2012 - 23:55
CVE-2012-1630 2.1
Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:31 20-09-2012 - 03:46
CVE-2012-1655 4.0
Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors.
29-08-2017 - 01:31 18-09-2012 - 20:55
CVE-2012-2074 5.0
Unspecified vulnerability in certain default views in the Ubercart Views module 6.x before 6.x-3.2 for Drupal allows remote attackers to obtain sensitive information via unknown attack vectors.
29-08-2017 - 01:31 14-08-2012 - 23:55
CVE-2013-2247 7.5
The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edi
07-10-2013 - 17:45 28-08-2013 - 22:55
CVE-2010-2021 5.8
Open redirect vulnerability in the Global Redirect module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, when non-clean to clean is enabled, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks
17-08-2017 - 01:32 25-06-2012 - 21:55
CVE-2012-2096 5.0
The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter.
15-08-2012 - 04:00 14-08-2012 - 21:55
CVE-2012-1643 5.0
The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vectors.
29-08-2012 - 04:00 28-08-2012 - 17:55
CVE-2012-2062 6.4
Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
29-08-2017 - 01:31 17-09-2012 - 20:55
CVE-2012-2084 4.3
Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the
29-08-2017 - 01:31 22-11-2012 - 12:28
CVE-2012-2302 5.0
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors.
08-08-2012 - 04:00 25-07-2012 - 21:55
CVE-2012-2309 3.5
Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors.
30-07-2012 - 04:00 25-07-2012 - 21:55
CVE-2012-2064 4.3
Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.
05-09-2012 - 04:00 05-09-2012 - 00:55
CVE-2012-2310 3.5
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors.
08-08-2012 - 04:00 25-07-2012 - 21:55
CVE-2012-2076 2.1
Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecif
29-08-2017 - 01:31 14-08-2012 - 23:55
CVE-2012-2715 4.3
Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-2305 6.8
Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries.
09-08-2012 - 04:00 25-07-2012 - 21:55
CVE-2012-2303 7.5
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Space
09-08-2012 - 04:00 18-07-2012 - 18:55
CVE-2013-1971 2.1
Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file.
29-08-2017 - 01:33 25-06-2013 - 18:55
CVE-2012-2702 5.0
The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid.
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-2710 2.6
Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content titl
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2012-2711 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors relat
29-08-2017 - 01:31 27-06-2012 - 00:55
CVE-2013-2122 5.0
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors.
29-08-2017 - 01:33 16-07-2013 - 18:55
CVE-2012-2922 5.0
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
29-08-2017 - 01:31 21-05-2012 - 22:55
CVE-2012-4490 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or (2) email address.
02-03-2013 - 04:45 31-10-2012 - 16:55
CVE-2012-4485 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create
20-07-2013 - 03:31 31-10-2012 - 16:55
CVE-2012-4492 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecif
02-03-2013 - 04:45 31-10-2012 - 16:55
CVE-2008-4793 7.5
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.
08-08-2017 - 01:32 29-10-2008 - 15:31
CVE-2013-4140 2.1
Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:33 29-07-2013 - 23:27
CVE-2011-5189 2.1
Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML
29-08-2017 - 01:30 20-09-2012 - 10:55
CVE-2012-4470 7.5
The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact.
30-01-2013 - 04:54 30-11-2012 - 22:55
CVE-2012-4482 5.0
The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors.
02-11-2012 - 04:00 31-10-2012 - 16:55
CVE-2013-4139 5.0
The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests.
29-08-2013 - 17:06 28-08-2013 - 22:55
CVE-2011-5187 2.1
Cross-site scripting (XSS) vulnerability in the Support Ticketing System module 6.x-1.x before 6.x-1.7 for Drupal allows remote authenticated users with the "administer support projects" permission to inject arbitrary web script or HTML via unspecifi
29-08-2017 - 01:30 20-09-2012 - 10:55
CVE-2010-5276 4.3
The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again."
08-10-2012 - 21:19 07-10-2012 - 20:55
CVE-2012-4469 2.6
Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token,
03-12-2012 - 05:00 30-11-2012 - 22:55
CVE-2007-6752 6.8
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the
28-03-2012 - 16:30 28-03-2012 - 10:54
CVE-2013-4177 5.0
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified v
30-05-2014 - 13:34 29-05-2014 - 14:19
CVE-2011-5188 2.1
Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:30 20-09-2012 - 10:55
CVE-2013-4178 5.0
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password (OTP).
30-05-2014 - 13:35 29-05-2014 - 14:19
CVE-2013-4502 4.0
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file.
14-05-2014 - 18:34 13-05-2014 - 15:55
CVE-2013-4379 6.4
The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL.
10-10-2013 - 20:41 09-10-2013 - 17:55
CVE-2012-4493 2.1
Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web scri
06-11-2012 - 05:00 02-11-2012 - 15:55
CVE-2010-5275 4.3
Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
08-10-2012 - 04:00 07-10-2012 - 20:55
CVE-2012-4499 5.0
The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors.
01-11-2012 - 04:00 31-10-2012 - 16:55
CVE-2012-4500 3.5
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact.
02-03-2013 - 04:45 31-10-2012 - 16:55
CVE-2013-4230 6.0
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitte
29-08-2017 - 01:33 21-08-2013 - 14:55
CVE-2012-5007 5.0
The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NO
20-09-2012 - 18:47 20-09-2012 - 03:46
CVE-2012-4475 5.0
The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and answers via unspecified vectors.
03-12-2012 - 05:00 30-11-2012 - 22:55
CVE-2012-4484 4.3
Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this refers to an issue in
27-06-2018 - 01:29 31-10-2012 - 16:55
CVE-2012-4494 4.3
The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.
02-11-2012 - 04:00 31-10-2012 - 16:55
CVE-2013-4504 2.6
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
14-05-2014 - 16:57 13-05-2014 - 15:55
CVE-2012-5539 3.5
The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is wa
06-05-2020 - 12:48 03-12-2012 - 21:55
CVE-2012-4489 5.8
Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q para
02-03-2013 - 04:45 31-10-2012 - 16:55
CVE-2013-4446 6.8
The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to
09-12-2013 - 17:38 07-12-2013 - 20:55
CVE-2013-4498 2.1
The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authe
19-05-2014 - 16:45 17-05-2014 - 20:55
CVE-2012-4468 4.3
Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message.
30-01-2013 - 04:54 30-11-2012 - 22:55
CVE-2012-4496 2.1
Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels p
30-11-2017 - 02:29 31-10-2012 - 16:55
CVE-2012-5537 6.0
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
04-12-2012 - 05:00 03-12-2012 - 21:55
CVE-2008-4790 6.0
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
08-08-2017 - 01:32 29-10-2008 - 15:31
CVE-2012-4491 5.8
The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors.
02-03-2013 - 04:45 31-10-2012 - 16:55
CVE-2013-4229 2.1
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.
29-08-2017 - 01:33 21-08-2013 - 14:55
CVE-2012-5541 4.3
Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "data coming from T
04-12-2012 - 05:00 03-12-2012 - 21:55
CVE-2010-5277 4.9
Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users (user 0) via unspecified v
29-08-2017 - 01:29 07-10-2012 - 20:55
CVE-2012-5543 4.3
The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.
04-12-2012 - 05:00 03-12-2012 - 21:55
CVE-2012-5556 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unkn
26-02-2020 - 17:25 03-12-2012 - 21:55
CVE-2012-5588 2.6
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to emai
27-12-2012 - 05:00 26-12-2012 - 17:55
CVE-2008-4789 6.0
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."
08-08-2017 - 01:32 29-10-2008 - 15:31
CVE-2013-4274 2.1
Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Ad
29-08-2013 - 17:21 28-08-2013 - 22:55
CVE-2012-5547 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (
04-12-2012 - 05:00 03-12-2012 - 21:55
CVE-2007-5416 6.8
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal
15-10-2018 - 21:44 12-10-2007 - 21:17
CVE-2012-4488 5.0
The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page.
02-11-2012 - 04:00 31-10-2012 - 16:55
CVE-2013-4384 4.3
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google AP
29-08-2017 - 01:33 09-10-2013 - 14:54
CVE-2012-4495 4.0
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments.
02-03-2013 - 04:45 31-10-2012 - 16:55
CVE-2012-5538 2.1
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web s
04-12-2012 - 05:00 03-12-2012 - 21:55
CVE-2013-4445 4.9
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access toke
09-12-2013 - 17:36 07-12-2013 - 20:55
CVE-2012-5586 2.1
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the pa
26-02-2013 - 04:52 26-12-2012 - 17:55
CVE-2012-5551 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sa
26-02-2013 - 04:52 03-12-2012 - 21:55
CVE-2012-3802 4.0
Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.
29-08-2017 - 01:32 27-06-2012 - 18:55
CVE-2012-4498 7.5
The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact.
06-11-2012 - 05:00 02-11-2012 - 15:55
CVE-2012-5589 3.5
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary nod
27-12-2012 - 05:00 26-12-2012 - 17:55
CVE-2013-4380 2.1
Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary
21-05-2014 - 18:44 20-05-2014 - 14:55
CVE-2012-5654 4.3
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sens
03-01-2013 - 05:00 03-01-2013 - 01:55
CVE-2012-3800 2.1
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors relat
29-08-2017 - 01:32 27-06-2012 - 00:55
CVE-2013-4174 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_sca
29-08-2017 - 01:33 19-08-2013 - 23:55
CVE-2012-5545 2.1
Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the "administer sharethis" permission to inject arbitrary web script or HTML via unspecified vectors r
26-02-2013 - 04:52 03-12-2012 - 21:55
CVE-2012-5590 7.5
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
26-02-2013 - 04:52 26-12-2012 - 17:55
CVE-2013-2715 2.1
Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field n
29-08-2017 - 01:33 27-03-2013 - 21:55
CVE-2012-5544 4.0
The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard.
17-12-2012 - 05:00 03-12-2012 - 21:55
CVE-2012-5584 4.3
The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block.
08-01-2013 - 05:00 26-12-2012 - 17:55
CVE-2012-5233 2.1
Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs.
02-10-2012 - 04:00 01-10-2012 - 22:55
CVE-2012-5540 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbitrary web script or HTML via unspecified vectors.
04-12-2012 - 05:00 03-12-2012 - 21:55
CVE-2012-5552 5.0
The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks."
20-07-2013 - 03:33 03-12-2012 - 21:55
CVE-2012-5542 6.8
Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane
29-08-2017 - 01:32 03-12-2012 - 21:55
CVE-2012-5557 3.6
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated use
04-12-2012 - 05:00 03-12-2012 - 21:55
CVE-2012-6575 4.3
Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:32 27-06-2013 - 20:55
CVE-2013-5964 2.1
Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag titl
10-10-2013 - 18:56 30-09-2013 - 21:55
CVE-2012-5585 2.1
Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token.
26-02-2013 - 04:52 26-12-2012 - 17:55
CVE-2012-5655 5.0
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request.
07-01-2013 - 05:00 03-01-2013 - 01:55
CVE-2012-5704 3.5
The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself.
01-11-2012 - 10:44 01-11-2012 - 10:44
CVE-2012-5587 4.3
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link.
08-01-2013 - 05:00 26-12-2012 - 17:55
CVE-2013-7067 5.8
The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request.
29-08-2017 - 01:34 19-12-2013 - 04:24
CVE-2013-5315 2.6
Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML v
29-08-2017 - 01:33 19-08-2013 - 23:55
CVE-2012-5705 2.1
Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web sc
02-11-2012 - 04:00 01-11-2012 - 10:44
CVE-2012-6582 2.6
Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged b
29-08-2017 - 01:32 20-08-2013 - 18:14
CVE-2013-7302 6.8
Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowle
30-04-2014 - 14:04 29-04-2014 - 14:38
CVE-2015-8095 5.0
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.
10-11-2015 - 16:45 09-11-2015 - 16:59
CVE-2012-6572 4.3
Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary
29-08-2017 - 01:32 21-06-2013 - 19:55
CVE-2012-6574 4.3
Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors.
29-08-2017 - 01:32 27-06-2013 - 20:55
CVE-2012-6583 2.1
Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name.
29-08-2017 - 01:32 23-08-2013 - 15:55
CVE-2018-7600 7.5
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
01-03-2019 - 18:04 29-03-2018 - 07:29
CVE-2020-13677 4.3
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.
08-07-2022 - 18:19 11-02-2022 - 16:15
CVE-2020-13672 2.6
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x
12-04-2022 - 16:52 11-02-2022 - 16:15
Back to Top Mark selected
Back to Top