Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Drupal
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-1972 |
Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors. Published: June 24, 2013; 12:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-1906 |
Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "administer rules" permission to inject arbitrary web script or HTML via a rule tag. Published: June 24, 2013; 12:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-6572 |
Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name. Published: June 21, 2013; 3:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-1905 |
Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: June 20, 2013; 7:55:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-1393 |
Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors. Published: June 20, 2013; 5:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-1887 |
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields. Published: March 27, 2013; 7:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-2715 |
Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name. Published: March 27, 2013; 5:55:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-1859 |
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors. Published: March 27, 2013; 5:55:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2013-1787 |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. Published: March 27, 2013; 5:55:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-1786 |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. Published: March 27, 2013; 5:55:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-1785 |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. Published: March 27, 2013; 5:55:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-1784 |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. Published: March 27, 2013; 5:55:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-1783 |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. Published: March 27, 2013; 5:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-1782 |
Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. Published: March 27, 2013; 5:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-1781 |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. Published: March 27, 2013; 5:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-1780 |
Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. Published: March 27, 2013; 5:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-1779 |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. Published: March 27, 2013; 5:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-1778 |
Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. Published: March 27, 2013; 5:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-0325 |
Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting. Published: March 27, 2013; 5:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-0324 |
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title. Published: March 27, 2013; 5:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |