National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,052 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2015-5503

Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.

Published: August 18, 2015; 02:00:07 PM -04:00
V2: 5.8 MEDIUM
CVE-2015-5502

The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors.

Published: August 18, 2015; 02:00:06 PM -04:00
V2: 7.5 HIGH
CVE-2015-5501

The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment.

Published: August 18, 2015; 02:00:04 PM -04:00
V2: 7.5 HIGH
CVE-2015-5500

Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.

Published: August 18, 2015; 02:00:02 PM -04:00
V2: 3.5 LOW
CVE-2015-5499

The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission.

Published: August 18, 2015; 01:59:58 PM -04:00
V2: 4.0 MEDIUM
CVE-2015-5498

The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page.

Published: August 18, 2015; 01:59:56 PM -04:00
V2: 5.0 MEDIUM
CVE-2015-5497

Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.

Published: August 18, 2015; 01:59:54 PM -04:00
V2: 3.5 LOW
CVE-2015-5496

The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors.

Published: August 18, 2015; 01:59:53 PM -04:00
V2: 5.0 MEDIUM
CVE-2015-5495

Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrary web script or HTML via unspecified vectors.

Published: August 18, 2015; 01:59:50 PM -04:00
V2: 2.1 LOW
CVE-2015-5494

Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.

Published: August 18, 2015; 01:59:46 PM -04:00
V2: 3.5 LOW
CVE-2015-5493

The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors.

Published: August 18, 2015; 01:59:43 PM -04:00
V2: 5.0 MEDIUM
CVE-2015-5492

Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: August 18, 2015; 01:59:40 PM -04:00
V2: 4.3 MEDIUM
CVE-2015-5491

The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission.

Published: August 18, 2015; 01:59:36 PM -04:00
V2: 3.5 LOW
CVE-2015-5490

The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.

Published: August 18, 2015; 01:59:31 PM -04:00
V2: 5.0 MEDIUM
CVE-2015-5489

Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form.

Published: August 18, 2015; 01:59:28 PM -04:00
V2: 3.5 LOW
CVE-2015-5488

Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors.

Published: August 18, 2015; 01:59:24 PM -04:00
V2: 2.1 LOW
CVE-2015-5487

Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab.

Published: August 18, 2015; 01:59:21 PM -04:00
V2: 4.3 MEDIUM
CVE-2014-9740

Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2) description strings in a confirmation form for a triggering Rules link.

Published: July 06, 2015; 11:59:05 AM -04:00
V2: 2.1 LOW
CVE-2014-9739

Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields.

Published: July 06, 2015; 11:59:04 AM -04:00
V2: 3.5 LOW
CVE-2014-9738

Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, or a (3) team entity title.

Published: July 06, 2015; 11:59:03 AM -04:00
V2: 4.3 MEDIUM