Filtered by vendor Drupal
Subscriptions
Total
862 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-5275 | 2 Drupal, Memcache Project | 2 Drupal, Memcache | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-5590 | 2 Drupal, Scripthead | 2 Drupal, Webmail Plus | 2025-04-11 | N/A |
| SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-4477 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2025-04-11 | N/A |
| Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors. | ||||
| CVE-2012-2060 | 2 Drupal, Nijskens Raf | 2 Drupal, Admintools | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2061 | 2 Drupal, Nijskens Raf | 2 Drupal, Admintools | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not checking tokens." | ||||
| CVE-2012-5588 | 2 Drupal, Epiqo | 2 Drupal, Email | 2025-04-11 | N/A |
| The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors. | ||||
| CVE-2010-4521 | 2 Drupal, Earl Miles | 2 Drupal, Views | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path. | ||||
| CVE-2012-5587 | 2 Drupal, Epiqo | 2 Drupal, Email | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link. | ||||
| CVE-2012-5586 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2025-04-11 | N/A |
| The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource." | ||||
| CVE-2010-3686 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2025-04-11 | N/A |
| The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | ||||
| CVE-2012-5584 | 2 Drupal, M2osw | 2 Drupal, Tableofcontents | 2025-04-11 | N/A |
| The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block. | ||||
| CVE-2012-5569 | 3 Basic Webmail Project, Drupal, Jason Flatt | 3 Basic Webmail, Drupal, Basic Webmail | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message. | ||||
| CVE-2012-2066 | 2 Ckeditor, Drupal | 3 Ckeditor, Fckeditor, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-3022 | 1 Drupal | 1 Devel Module | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL. | ||||
| CVE-2012-5556 | 2 Drupal, Restful Web Services Project | 2 Drupal, Restful Web Services | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. | ||||
| CVE-2012-5554 | 2 Coleman Watts, Drupal | 2 Webform Civicrm, Drupal | 2025-04-11 | N/A |
| The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms. | ||||
| CVE-2010-2352 | 3 Drupal, Karen Stevenson, Yves Chedemois | 3 Drupal, Cck, Cck | 2025-04-11 | N/A |
| The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes. | ||||
| CVE-2012-5552 | 2 Drupal, Erikwebb | 2 Drupal, Password Policy | 2025-04-11 | N/A |
| The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks." | ||||
| CVE-2012-5551 | 2 Drupal, Thinkshout | 2 Drupal, Mailchimp | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitization of "Webhook variables from POST requests." | ||||
| CVE-2010-2125 | 2 Drupal, Systemseed | 2 Drupal, Rotor | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute. | ||||