Filtered by vendor Drupal
Subscribe
Total
853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4558 | 2 Drupal, Unleashedmind | 2 Drupal, Img Assist | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors. | |||||
| CVE-2009-1036 | 1 Drupal | 2 Drupal, Plus1 | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI. | |||||
| CVE-2009-2076 | 1 Drupal | 2 Drupal, Views | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions. | |||||
| CVE-2009-2077 | 2 Angrydonuts, Drupal | 2 Views, Drupal | 2025-04-09 | 4.0 MEDIUM | N/A |
| Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries. | |||||
| CVE-2009-2610 | 2 Drupal, Scott Courtney | 2 Drupal, Links Package | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field. | |||||
| CVE-2008-3097 | 1 Drupal | 1 Tinytax Taxonomy Block Module | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Tinytax module (aka Tinytax taxonomy block) 5.x before 5.x-1.10-1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML, probably by creating a crafted taxonomy term. | |||||
| CVE-2008-6533 | 1 Drupal | 1 Drupal | 2025-04-09 | 4.3 MEDIUM | N/A |
| Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
| CVE-2008-0277 | 1 Drupal | 1 Fileshare Module | 2025-04-09 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-4296 | 2 Brian Miller, Drupal | 2 Taxonomy Timer, Drupal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-1501 | 2 Drupal, Exif | 2 Drupal, Exif | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image. | |||||
| CVE-2007-3818 | 1 Drupal | 1 Logintoboggan Module | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block." | |||||
| CVE-2009-4066 | 2 Drupal, Paul Beaney | 2 Drupal, Phplist | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists. | |||||
| CVE-2009-4515 | 2 Drupal, Speedtech | 2 Drupal, Storm | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors. | |||||
| CVE-2008-0823 | 1 Drupal | 1 Header Image | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors. | |||||
| CVE-2009-3352 | 2 Drupal, Roshan Shah | 2 Drupal, Quota By Role | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors. | |||||
| CVE-2009-4064 | 2 Drupal, Puntolatinoclub | 2 Drupal, Gallery Assist Module | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via node titles. | |||||
| CVE-2007-0626 | 1 Drupal | 1 Drupal | 2025-04-09 | 6.5 MEDIUM | N/A |
| The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines." | |||||
| CVE-2009-3353 | 2 Drupal, Steve Lockwood | 2 Drupal, Node2node | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors. | |||||
| CVE-2009-3488 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2025-04-09 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479. | |||||
| CVE-2009-1505 | 1 Drupal | 2 Drupal, News Page | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field. | |||||