Total
725 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4483 | 2 Acquia, Drupal | 2 Commons, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing. | |||||
| CVE-2012-2097 | 2 Drupal, Larry Garfield | 2 Drupal, Autosave | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests involving "submitting saved results to a node." | |||||
| CVE-2012-2340 | 2 Drupal, Geoff Davies | 2 Drupal, Contact Forms | 2025-04-11 | 3.5 LOW | N/A |
| The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors. | |||||
| CVE-2010-2158 | 2 Drupal, Speedtech | 2 Drupal, Storm | 2025-04-11 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2012-1638 | 2 Dominique Clause, Drupal | 2 Search Autocomplete, Drupal | 2025-04-11 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-5590 | 2 Drupal, Scripthead | 2 Drupal, Webmail Plus | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-5543 | 2 Drupal, Feeds Project | 2 Drupal, Feeds | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed. | |||||
| CVE-2012-2708 | 2 Antoine Beaupre, Drupal | 2 Hostmaster, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log. | |||||
| CVE-2010-4813 | 2 Category Tokens Project, Drupal | 2 Category Tokens, Drupal | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help. | |||||
| CVE-2013-0320 | 2 Drupal, Mattias Hutterer | 2 Drupal, Taxonomy Manager | 2025-04-11 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors. | |||||
| CVE-2012-2706 | 2 Drupal, Peter Pokrivcak | 2 Drupal, Post Affiliate Pro | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. | |||||
| CVE-2012-4484 | 2 Drupal, Trexart | 2 Drupal, Campaignmonitor | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site). | |||||
| CVE-2012-2713 | 2 Browserid Project, Drupal | 2 Browserid, Drupal | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site. | |||||
| CVE-2013-1785 | 2 Devsaran, Drupal | 2 Responsive, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5547 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action. | |||||
| CVE-2012-5569 | 3 Basic Webmail Project, Drupal, Jason Flatt | 3 Basic Webmail, Drupal, Basic Webmail | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message. | |||||
| CVE-2010-4521 | 2 Drupal, Earl Miles | 2 Drupal, Views | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path. | |||||
| CVE-2013-0181 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2025-04-11 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. | |||||
| CVE-2012-2299 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-11 | 2.1 LOW | N/A |
| The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database. | |||||
| CVE-2012-5651 | 1 Drupal | 1 Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results. | |||||