Search Results (992 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6573 2 Alejandro Garza, Drupal 2 Apachesolr Autocomplete, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
CVE-2013-4384 2 Drupal, Google Site Search Project 2 Drupal, Google Site Search Module 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API.
CVE-2013-4383 2 Dennis Bruecke, Drupal 2 Jquery Countdown, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4379 2 Drupal, Sebastien Corbin 2 Drupal, Make Meeting Scheduler Module 2025-04-11 N/A
The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL.
CVE-2013-4274 2 Drupal, Erikwebb 2 Drupal, Password Policy 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page.
CVE-2012-4491 2 Drupal, Earl Dunovant 2 Drupal, Monthly Archive By Node Type 2025-04-11 N/A
The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors.
CVE-2013-4272 2 Botcha Spam Prevention Project, Drupal 2 Botcha, Drupal 2025-04-11 N/A
The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file.
CVE-2013-4140 2 Drupal, Drupalisme 2 Drupal, Tinybox 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4139 2 Drupal, Stage File Proxy Project 2 Drupal, Stage File Proxy 2025-04-11 N/A
The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests.
CVE-2014-1476 1 Drupal 1 Drupal 2025-04-11 N/A
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.
CVE-2012-2730 2 Alexis Wilke, Drupal 2 Protected Node, Drupal 2025-04-11 N/A
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions.
CVE-2012-2729 2 Adcillc, Drupal 2 Simplemeta, Drupal 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry.
CVE-2012-2728 2 Drupal, Ronan Dowling 2 Drupal, Node Hierarchy 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action.
CVE-2012-2725 2 Authoring Html, Drupal 2 6.x-1.0, Drupal 2025-04-11 N/A
classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks.
CVE-2012-2716 2 David Stosik, Drupal 2 Comment Moderation, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments.
CVE-2012-2715 2 Drupal, Jason Moore 2 Drupal, Amadou 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links.
CVE-2012-2713 2 Browserid Project, Drupal 2 Browserid, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site.
CVE-2012-5585 2 Drupal, Mixpanel Project 2 Drupal, Mixpanel 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token.
CVE-2012-5587 2 Drupal, Epiqo 2 Drupal, Email 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link.
CVE-2012-6576 2 Antti Alamki, Drupal 2 Prh Search, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors.