Search Results (992 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4559 2 Drupal, Nanwich 2 Drupal, Submitted By 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via an input string for "submitted by" text.
CVE-2009-1501 2 Drupal, Exif 2 Drupal, Exif 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.
CVE-2008-0568 1 Drupal 1 Secure Site Module 2026-04-23 N/A
Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote attackers to gain the privileges of a user who has authenticated from behind the same proxy server as the attacker.
CVE-2008-2850 1 Drupal 1 Trailscout Module 2026-04-23 N/A
SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API.
CVE-2009-4602 1 Drupal 2 Drupal, Randomizer 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-7110 1 Drupal 1 Imce Module 2026-04-23 N/A
Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences.
CVE-2007-3818 1 Drupal 1 Logintoboggan Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block."
CVE-2008-2849 1 Drupal 1 Trailscout Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-1344 1 Drupal 2 Drupal, Localization Client 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality.
CVE-2008-4598 1 Drupal 1 Shindig-integrator 2026-04-23 N/A
Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597.
CVE-2007-4064 1 Drupal 1 Drupal 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via "some server variables," including PHP_SELF; and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names.
CVE-2008-3000 1 Drupal 1 Aggregation Module 2026-04-23 N/A
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.
CVE-2008-4597 1 Drupal 1 Shindig-integrator 2026-04-23 N/A
Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors.
CVE-2009-3488 2 Drupal, Ron Jerome 2 Drupal, Bibliography 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479.
CVE-2009-1342 1 Drupal 2 Cck Comment Reference, Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form.
CVE-2009-4207 2 Drupal, Nathan Haug 2 Drupal, Webform 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission.
CVE-2009-4515 2 Drupal, Speedtech 2 Drupal, Storm 2026-04-23 N/A
The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
CVE-2007-2159 1 Drupal 1 Database Administration Module 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface.
CVE-2009-3656 2 Drupal, Tim Nelson 2 Drupal, Shared Sign-on 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
CVE-2009-1249 1 Drupal 2 Drupal, Feedapi Mapper 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map.