Search Results (774 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3437 2 Drupal, Henriksjokvist 2 Drupal, Markdown Preview 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input."
CVE-2009-0603 1 Drupal 2 Drupal, Link Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information.
CVE-2009-3651 2 Drupal, Mikeryan 2 Drupal, Browscap 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
CVE-2008-4791 1 Drupal 1 Drupal 2026-04-23 N/A
The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors.
CVE-2009-3657 2 Drupal, Tim Nelson 2 Drupal, Shared Sign-on 2026-04-23 N/A
Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2009-0817 1 Drupal 2 Drupal, Protected Node Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.
CVE-2008-3742 1 Drupal 1 Drupal 2026-04-23 N/A
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
CVE-2009-3568 3 Dave Reid, Drupal, Gabor Hojtsy 3 Commentrss, Drupal, Commentrss 2026-04-23 N/A
Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed.
CVE-2009-3782 2 2bits, Drupal 2 Userpoints, Drupal 2026-04-23 N/A
Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors.
CVE-2008-0462 1 Drupal 2 Archive Module, Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4061 2 Drupal, Yuriy Babenko 2 Drupal, Agreement Module 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2610 2 Drupal, Scott Courtney 2 Drupal, Links Package 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field.
CVE-2009-4063 2 Drupal, Ezra Barnett Gildesgame 2 Drupal, Og Subgroups 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles.
CVE-2009-3488 2 Drupal, Ron Jerome 2 Drupal, Bibliography 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479.
CVE-2009-4065 2 Drupal, Jeff Miccolis 2 Drupal, Strongarm Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables.
CVE-2007-4064 1 Drupal 1 Drupal 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via "some server variables," including PHP_SELF; and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names.
CVE-2009-4296 2 Brian Miller, Drupal 2 Taxonomy Timer, Drupal 2026-04-23 N/A
SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3915 2 Drupal, John C Fiala 2 Drupal, Link 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.
CVE-2009-4520 2 Drupal, Kristof De Jaeger 2 Drupal, Commentreference 2026-04-23 N/A
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.
CVE-2009-3919 2 Drupal, Sean Robertson 2 Drupal, Crmngp 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information."