Filtered by vendor Drupal
Subscriptions
Filtered by product Drupal
Subscriptions
Total
721 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-2299 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-11 | N/A |
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database. | ||||
CVE-2012-1639 | 2 Commerceguys, Drupal | 2 Commerce, Drupal | 2025-04-11 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters. | ||||
CVE-2012-2300 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-11 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-2305 | 2 Drupal, Justin Ellison | 2 Drupal, Node Gallery | 2025-04-11 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries. | ||||
CVE-2012-2341 | 2 Drupal, Rahul Singla | 2 Drupal, Take Control | 2025-04-11 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files. | ||||
CVE-2012-2155 | 2 Drupal, Kyle Browning | 2 Drupal, Cdn2 Video | 2025-04-11 | N/A |
Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2012-2154 | 2 Drupal, Kyle Browning | 2 Drupal, Cdn2 Video | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-2296 | 2 Drupal, Janrain | 2 Drupal, Rpx | 2025-04-11 | N/A |
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability. | ||||
CVE-2012-2117 | 2 Drupal, Yaniv Aran-shamir | 2 Drupal, Gigya | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-1628 | 2 63reasons, Drupal | 2 Supercron, Drupal | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-1627 | 2 Drupal, Marvil07 | 2 Drupal, Vote Up Down | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms. | ||||
CVE-2012-2116 | 2 Commerceguys, Drupal | 2 Commerce Reorder, Drupal | 2025-04-11 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart. | ||||
CVE-2012-2153 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page. | ||||
CVE-2012-2297 | 2 Creative Commons Module Project, Drupal | 2 Creativecommons, Drupal | 2025-04-11 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creativecommons_user_message or (2) creativecommons_site_license_additional_text parameter. | ||||
CVE-2012-1591 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles. | ||||
CVE-2012-1590 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page. | ||||
CVE-2012-1623 | 2 Aidanlister, Drupal | 2 Regcode, Drupal | 2025-04-11 | N/A |
The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions. | ||||
CVE-2012-1624 | 2 Drupal, Lingotek | 2 Drupal, Lingotek | 2025-04-11 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content. | ||||
CVE-2012-1625 | 2 Drupal, Wizonesolutions | 2 Drupal, Fillpdf | 2025-04-11 | N/A |
Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. NOTE: Some of these details are obtained from third party information. | ||||
CVE-2012-2084 | 2 Drupal, Joao Ventura | 2 Drupal, Print | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_INFO. |