Search Results (774 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2298 2 Drupal, Nancy Wichmann 3 Drupal, Realname, Realname 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
CVE-2012-2302 2 Drupal, Nancy Wichmann 2 Drupal, Sitedoc 2025-04-11 N/A
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2012-2304 2 Drupal, Emil Stjerneman 2 Drupal, Linkit 2025-04-11 N/A
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-2158 2 Drupal, Services Project 2 Drupal, Services 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-2177 2 Drupal, Kristof De Jaeger 2 Drupal, Display Suite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label.
CVE-2013-2247 2 Drupal, Fast Permissions Administration Project 2 Drupal, Fast Permission Administration 2025-04-11 N/A
The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form.
CVE-2010-1536 2 Drupal, Mearra 2 Drupal, Addthis 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2724 2 Drupal, Wimleers 2 Drupal, Hierarchical Select 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form.
CVE-2010-3092 1 Drupal 1 Drupal 2025-04-11 N/A
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.
CVE-2010-3094 1 Drupal 1 Drupal 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.
CVE-2010-3423 2 Drupal, Freka 2 Drupal, Yr Verdata 2025-04-11 N/A
SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method.
CVE-2012-5007 2 Drupal, Wizonesolutions 2 Drupal, Fillpdf 2025-04-11 N/A
The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third party information.
CVE-2010-2048 2 Drupal, Menhir 2 Drupal, Heartbeat 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5537 2 Drupal, Simplenews Scheduler Project 2 Drupal, Simplenews Scheduler 2025-04-11 N/A
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
CVE-2012-5539 2 Drupal, Organic Groups Project 2 Drupal, Organic Groups 2025-04-11 N/A
The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved.
CVE-2012-5542 2 Drupal, Pedro Cambra 2 Drupal, Commerce Extra Panes 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane via unspecified vectors related to "the link to reorder items."
CVE-2012-5544 2 Drupal, Thinkshout 2 Drupal, Mandrill 2025-04-11 N/A
The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard.
CVE-2012-5550 2 Carlos Carvalhar, Drupal 2 Time Spent, Drupal 2025-04-11 N/A
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-5554 2 Coleman Watts, Drupal 2 Webform Civicrm, Drupal 2025-04-11 N/A
The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms.
CVE-2012-5569 3 Basic Webmail Project, Drupal, Jason Flatt 3 Basic Webmail, Drupal, Basic Webmail 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message.