Filtered by vendor Drupal
Subscriptions
Total
887 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6135 | 1 Drupal | 2 Drupal, Everyblog | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6532 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database. | ||||
| CVE-2008-6908 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2025-04-09 | N/A |
| Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges. | ||||
| CVE-2009-1037 | 1 Drupal | 2 Drupal, Print | 2025-04-09 | N/A |
| Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API. | ||||
| CVE-2009-2076 | 1 Drupal | 2 Drupal, Views | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions. | ||||
| CVE-2009-2077 | 2 Angrydonuts, Drupal | 2 Views, Drupal | 2025-04-09 | N/A |
| Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries. | ||||
| CVE-2009-2373 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3156 | 2 Drupal, Karen Stevenson | 2 Drupal, Date | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field. | ||||
| CVE-2009-3350 | 2 Drupal, Roshan Shah | 2 Drupal, Subdomain Manager | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors. | ||||
| CVE-2009-3351 | 2 Drupal, Kristy Frey | 2 Drupal, Node Browser Module | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors. | ||||
| CVE-2009-3437 | 2 Drupal, Henriksjokvist | 2 Drupal, Markdown Preview | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input." | ||||
| CVE-2009-3654 | 2 316solutions, Drupal | 2 Boost, Drupal | 2025-04-09 | N/A |
| Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors. | ||||
| CVE-2009-3916 | 2 Drupal, Ronan Dowling | 2 Drupal, Nodehierarchy | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title. | ||||
| CVE-2009-4044 | 2 Bruno Massa, Drupal | 2 Web Services, Drupal | 2025-04-09 | N/A |
| The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors. | ||||
| CVE-2009-4062 | 2 Anon-design, Drupal | 2 Printfriendly, Drupal | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4064 | 2 Drupal, Puntolatinoclub | 2 Drupal, Gallery Assist Module | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via node titles. | ||||
| CVE-2009-4065 | 2 Drupal, Jeff Miccolis | 2 Drupal, Strongarm Module | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables. | ||||
| CVE-2009-4066 | 2 Drupal, Paul Beaney | 2 Drupal, Phplist | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists. | ||||
| CVE-2009-4369 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name. | ||||
| CVE-2009-4518 | 2 Drupal, Mark Burton | 2 Drupal, Insertnode | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node. | ||||