Search Results (774 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2069 2 Drupal, Mclewin 2 Drupal, Wishlist 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters.
CVE-2012-2077 2 Drupal, Rob Loach 2 Drupal, Sharethis 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors "outside of the Form API."
CVE-2012-2116 2 Commerceguys, Drupal 2 Commerce Reorder, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart.
CVE-2012-2308 2 Drupal, Tahiticlic 2 Drupal, Taxonomy Grid Catalog 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2310 2 Drupal, Oleg Kovalchuk 2 Drupal, Cctags 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2339 2 Drupal, Nancy Wichmann 2 Drupal, Glossary 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."
CVE-2012-1060 2 Drupal, Rik De Boer 2 Drupal, Revisioning 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters.
CVE-2012-1591 1 Drupal 1 Drupal 2025-04-11 N/A
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.
CVE-2012-2340 2 Drupal, Geoff Davies 2 Drupal, Contact Forms 2025-04-11 N/A
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors.
CVE-2012-2341 2 Drupal, Rahul Singla 2 Drupal, Take Control 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files.
CVE-2012-2907 2 Drupal, Ishmael Sanchez 2 Drupal, Aberdeen 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.
CVE-2012-2922 1 Drupal 1 Drupal 2025-04-11 N/A
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
CVE-2012-2707 2 Antoine Beaupre, Drupal 2 Hostmaster, Drupal 2025-04-11 N/A
The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes.
CVE-2010-4519 2 Drupal, Earl Miles 2 Drupal, Views 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views.
CVE-2012-2720 2 Adam Ross, Drupal 2 Tokenauth, Drupal 2025-04-11 N/A
The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges.
CVE-2011-1664 2 Drupal, Icanlocalize 2 Drupal, Translation Management 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-4497 2 Devsaran, Drupal 2 Elegant Theme, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL.
CVE-2012-6573 2 Alejandro Garza, Drupal 2 Apachesolr Autocomplete, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
CVE-2012-4491 2 Drupal, Earl Dunovant 2 Drupal, Monthly Archive By Node Type 2025-04-11 N/A
The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors.
CVE-2012-5585 2 Drupal, Mixpanel Project 2 Drupal, Mixpanel 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token.