Search Results (774 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-1786 2 Devsaran, Drupal 2 Company, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1787 2 Devsaran, Drupal 2 Corporate, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1107 2 Drupal, Fourkitchens 2 Drupal, Recent Comments 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."
CVE-2013-1887 2 Drupal, Views Project 2 Drupal, Views 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.
CVE-2013-1906 2 Drupal, Wolfgang Ziegler 2 Drupal, Rules 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "administer rules" permission to inject arbitrary web script or HTML via a rule tag.
CVE-2013-1907 2 Acquia, Drupal 3 Commons, Commons Group, Drupal 2025-04-11 N/A
The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.
CVE-2012-2057 2 Drupal, Miura 2 Drupal, Ubercart Bulk Stock Updater 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors related to formAPI.
CVE-2012-2059 2 Drupal, Steve Lockwood 2 Drupal, Ticketyboo News Ticker 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2071 2 Drupal, Geoff Davies 2 Drupal, Contact Forms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2072 2 Drupal, Patrick Przybilla 2 Drupal, Addtoany 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2083 2 Drupal, Fusiondrupalthemes 2 Drupal, Fusion 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2012-2084 2 Drupal, Joao Ventura 2 Drupal, Print 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_INFO.
CVE-2012-2096 2 Drupal, Lullabot 2 Drupal, Fivestar Module For Drupal 2025-04-11 N/A
The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter.
CVE-2012-2153 1 Drupal 1 Drupal 2025-04-11 N/A
Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.
CVE-2012-2154 2 Drupal, Kyle Browning 2 Drupal, Cdn2 Video 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2155 2 Drupal, Kyle Browning 2 Drupal, Cdn2 Video 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-1971 2 Drupal, Jordan De Laune 2 Drupal, Mp3 Player 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file.
CVE-2013-1972 2 Alexey Sukhotin, Drupal 2 Elfinder, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors.
CVE-2010-0370 3 Drupal, Roger Lopez, Thomas Turnbull 3 Drupal, Nodeblock, Nodeblock 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title).
CVE-2013-2036 2 Drupal, Yoran Brault 2 Drupal, Filebrowser 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "lists of files."