Filtered by vendor Drupal
Subscriptions
Filtered by product Drupal
Subscriptions
Total
746 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4791 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors. | ||||
| CVE-2008-4793 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. | ||||
| CVE-2008-6910 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2025-04-09 | N/A |
| Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request. | ||||
| CVE-2009-0818 | 1 Drupal | 2 Drupal, Taxonomy Theme Module | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1035 | 2 Drupal, Jake Gordon | 2 Drupal, Tasks | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS). | ||||
| CVE-2009-1036 | 1 Drupal | 2 Drupal, Plus1 | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI. | ||||
| CVE-2009-1344 | 1 Drupal | 2 Drupal, Localization Client | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality. | ||||
| CVE-2009-1507 | 1 Drupal | 2 Drupal, Nodeaccess Userreference | 2025-04-09 | N/A |
| The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node. | ||||
| CVE-2008-2998 | 1 Drupal | 2 Aggregation Module, Drupal | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-5998 | 1 Drupal | 2 Ajax Checklist, Drupal | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters. | ||||
| CVE-2008-5999 | 1 Drupal | 2 Ajax Checklist, Drupal | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter. | ||||
| CVE-2008-6134 | 1 Drupal | 2 Drupal, Everyblog | 2025-04-09 | N/A |
| SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-6909 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2025-04-09 | N/A |
| Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges. | ||||
| CVE-2008-7151 | 2 Drupal, Gurpartap Singh | 2 Drupal, Live | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code. | ||||
| CVE-2009-0603 | 1 Drupal | 2 Drupal, Link Module | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1047 | 1 Drupal | 2 Drupal, Print | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail. | ||||
| CVE-2009-1249 | 1 Drupal | 2 Drupal, Feedapi Mapper | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map. | ||||
| CVE-2009-1342 | 1 Drupal | 2 Cck Comment Reference, Drupal | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form. | ||||
| CVE-2009-1576 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. NOTE: this vulnerability can be leveraged to conduct cross-site request forgery (CSRF) attacks. | ||||
| CVE-2009-1501 | 2 Drupal, Exif | 2 Drupal, Exif | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image. | ||||