Filtered by vendor Drupal
Subscriptions
Filtered by product Drupal
Subscriptions
Total
729 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1591 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles. | ||||
| CVE-2012-1589 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL. | ||||
| CVE-2012-1625 | 2 Drupal, Wizonesolutions | 2 Drupal, Fillpdf | 2025-04-11 | N/A |
| Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. NOTE: Some of these details are obtained from third party information. | ||||
| CVE-2013-1972 | 2 Alexey Sukhotin, Drupal | 2 Elfinder, Drupal | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors. | ||||
| CVE-2013-1971 | 2 Drupal, Jordan De Laune | 2 Drupal, Mp3 Player | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file. | ||||
| CVE-2012-1588 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address. | ||||
| CVE-2013-1908 | 3 Acquia, Commons Wikis Project, Drupal | 3 Commons, Commons Wikis, Drupal | 2025-04-11 | N/A |
| The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | ||||
| CVE-2013-1907 | 2 Acquia, Drupal | 3 Commons, Commons Group, Drupal | 2025-04-11 | N/A |
| The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | ||||
| CVE-2012-0826 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors. | ||||
| CVE-2012-1630 | 2 Drupal, Nestor Mata Cuthbert | 2 Drupal, Taxonomy Navigator | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-2036 | 2 Drupal, Yoran Brault | 2 Drupal, Filebrowser | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "lists of files." | ||||
| CVE-2013-2122 | 2 Drupal, Quade | 2 Drupal, Edit Limit | 2025-04-11 | N/A |
| The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors. | ||||
| CVE-2013-2129 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label. | ||||
| CVE-2013-2177 | 2 Drupal, Kristof De Jaeger | 2 Drupal, Display Suite | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label. | ||||
| CVE-2013-4138 | 2 Alienwp, Drupal | 2 Hatch, Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-4140 | 2 Drupal, Drupalisme | 2 Drupal, Tinybox | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-1642 | 2 Drupal, Yaml-fuer-drupal | 2 Drupal, Linkchecker | 2025-04-11 | N/A |
| includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-4272 | 2 Botcha Spam Prevention Project, Drupal | 2 Botcha, Drupal | 2025-04-11 | N/A |
| The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file. | ||||
| CVE-2013-4379 | 2 Drupal, Sebastien Corbin | 2 Drupal, Make Meeting Scheduler Module | 2025-04-11 | N/A |
| The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL. | ||||
| CVE-2012-2153 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page. | ||||