Filtered by vendor Drupal
Subscriptions
Total
879 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1784 | 2 Devsaran, Drupal | 2 Clean Theme, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0322 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. | ||||
| CVE-2010-0370 | 3 Drupal, Roger Lopez, Thomas Turnbull | 3 Drupal, Nodeblock, Nodeblock | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title). | ||||
| CVE-2013-0323 | 2 Display Suite Project, Drupal | 2 Ds, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field. | ||||
| CVE-2012-4493 | 2 Drupal, Roy Baxter | 2 Drupal, Better Revisions | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2715 | 2 Drupal, Jason Moore | 2 Drupal, Amadou | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links. | ||||
| CVE-2012-2713 | 2 Browserid Project, Drupal | 2 Browserid, Drupal | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site. | ||||
| CVE-2013-0321 | 2 Drupal, Ubercart Views Project | 2 Drupal, Uc Views | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. | ||||
| CVE-2013-0325 | 2 Drupal, Varnish Http Accelerator Integration Project | 2 Drupal, Varnish | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting. | ||||
| CVE-2013-1785 | 2 Devsaran, Drupal | 2 Responsive, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2712 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors. | ||||
| CVE-2012-2711 | 2 Drupal, Nancy Wichmann | 2 Drupal, Taxonomy List | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. | ||||
| CVE-2012-2717 | 2 Drupal, Mathew Winstone | 2 Drupal, Mobile Tools | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options. | ||||
| CVE-2012-2718 | 2 Drupal, Drupal-id | 2 Drupal, Counter Module | 2025-04-11 | N/A |
| SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits." | ||||
| CVE-2012-2720 | 2 Adam Ross, Drupal | 2 Tokenauth, Drupal | 2025-04-11 | N/A |
| The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. | ||||
| CVE-2012-2721 | 2 Drupal, Moshe Weitzman | 2 Drupal, Organic Groups | 2025-04-11 | N/A |
| The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact. | ||||
| CVE-2012-2722 | 2 Drupal, Scott Reynen | 2 Drupal, Node Embed | 2025-04-11 | N/A |
| The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles. | ||||
| CVE-2012-2725 | 2 Authoring Html, Drupal | 2 6.x-1.0, Drupal | 2025-04-11 | N/A |
| classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks. | ||||
| CVE-2012-2727 | 2 Bryce Hamrick, Drupal | 2 Janrain Capture, Drupal | 2025-04-11 | N/A |
| Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | ||||
| CVE-2013-6386 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack. | ||||