National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,061 matching records.
Displaying matches 1021 through 1040.
Vuln ID Summary CVSS Severity
CVE-2006-6531

Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles.

Published: December 13, 2006; 08:28:00 PM -05:00
    V2: 6.8 MEDIUM
CVE-2006-6386

Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display.

Published: December 07, 2006; 08:28:00 PM -05:00
    V2: 6.8 MEDIUM
CVE-2006-5608

SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs."

Published: October 30, 2006; 06:07:00 PM -05:00
    V2: 7.5 HIGH
CVE-2006-5475

Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.

Published: October 24, 2006; 04:07:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2006-5476

Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.

Published: October 24, 2006; 04:07:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-5477

Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.

Published: October 24, 2006; 04:07:00 PM -04:00
    V2: 2.6 LOW
CVE-2006-4947

Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output."

Published: September 22, 2006; 09:07:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2006-4949

Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters.

Published: September 22, 2006; 09:07:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2006-4821

Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: September 15, 2006; 06:07:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2006-4717

The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors.

Published: September 12, 2006; 12:07:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-4646

Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: September 08, 2006; 05:04:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2006-4355

Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: August 26, 2006; 10:04:00 PM -04:00
    V2: 2.6 LOW
CVE-2006-4356

SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: August 26, 2006; 10:04:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-4360

Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.

Published: August 26, 2006; 10:04:00 PM -04:00
    V2: 3.5 LOW
CVE-2006-4120

Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: August 14, 2006; 07:04:00 PM -04:00
    V2: 5.1 MEDIUM
CVE-2006-4107

SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search.

Published: August 14, 2006; 04:04:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-4108

SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: August 14, 2006; 04:04:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-4109

Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: August 14, 2006; 04:04:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2006-4002

Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.

Published: August 07, 2006; 03:04:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2006-3570

Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: July 12, 2006; 09:05:00 PM -04:00
    V2: 4.3 MEDIUM