Search Results (992 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5587 2 Drupal, Epiqo 2 Drupal, Email 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link.
CVE-2012-6576 2 Antti Alamki, Drupal 2 Prh Search, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0205 2 Drupal, Restful Web Services Project 2 Drupal, Restful Web Services 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
CVE-2013-0324 2 Drupal, Tomasbarej 2 Drupal, Menu Reference 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title.
CVE-2013-0207 2 Drupal, Leighton Whiting 2 Drupal, Mark Complete 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2011-4113 2 Drupal, Earl Miles 2 Drupal, Views 2025-04-11 N/A
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."
CVE-2011-3730 1 Drupal 1 Drupal 2025-04-11 N/A
Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files.
CVE-2013-1781 2 Devsaran, Drupal 2 Professional Theme, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1905 2 Catalin Florian Radut, Drupal 2 Zeropoint, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-2123 2 Drupal, Node Access User Reference Project 2 Drupal, Nodeaccess Userreference Module 2025-04-11 N/A
The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors.
CVE-2013-2129 2 Drupal, Nathan Haug 2 Drupal, Webform 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label.
CVE-2013-0206 2 Drupal, Guy Bedford 2 Drupal, Live Css 2025-04-11 N/A
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
CVE-2013-2197 2 Drupal, Login Security Project 2 Drupal, Login Security 2025-04-11 N/A
The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts.
CVE-2013-2715 2 Drupal, Thomas Seidl 2 Drupal, Search Api 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name.
CVE-2013-0182 2 Bart Feenstra, Drupal 2 Payment, Drupal 2025-04-11 N/A
The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments.
CVE-2013-0181 2 Drupal, Thomas Seidl 2 Drupal, Search Api 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.
CVE-2010-1074 2 2bits, Drupal 2 Currency, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging.
CVE-2012-5705 2 Drupal, Justin Dodge 2 Drupal, Hotblocks 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."
CVE-2013-4174 2 Drupal, Ows 2 Drupal, Scald 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module.
CVE-2012-5704 2 Drupal, Justin Dodge 2 Drupal, Hotblocks 2025-04-11 N/A
The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself.