National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,048 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2015-4380

Cross-site scripting (XSS) vulnerability in the Linear Case module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.

Published: June 15, 2015; 10:59:36 AM -04:00
V2: 3.5 LOW
CVE-2015-4379

Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors.

Published: June 15, 2015; 10:59:36 AM -04:00
V2: 6.8 MEDIUM
CVE-2015-4378

Cross-site scripting (XSS) vulnerability in the Crumbs module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "Administer Crumbs" permission to inject arbitrary web script or HTML via a custom breadcrumb separator.

Published: June 15, 2015; 10:59:35 AM -04:00
V2: 2.1 LOW
CVE-2015-4377

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Petition module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with the "create petition" permission to inject arbitrary web script or HTML via unknown vectors.

Published: June 15, 2015; 10:59:34 AM -04:00
V2: 2.1 LOW
CVE-2015-4376

Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecified vectors.

Published: June 15, 2015; 10:59:33 AM -04:00
V2: 3.5 LOW
CVE-2015-4375

The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.

Published: June 15, 2015; 10:59:32 AM -04:00
V2: 4.3 MEDIUM
CVE-2015-4373

Cross-site scripting (XSS) vulnerability in the OG tabs module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes posted in an Organic Groups group.

Published: June 15, 2015; 10:59:31 AM -04:00
V2: 3.5 LOW
CVE-2015-4372

Cross-site scripting (XSS) vulnerability in the Image Title module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.

Published: June 15, 2015; 10:59:31 AM -04:00
V2: 3.5 LOW
CVE-2015-4371

Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.

Published: June 15, 2015; 10:59:30 AM -04:00
V2: 5.8 MEDIUM
CVE-2015-4370

Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.

Published: June 15, 2015; 10:59:29 AM -04:00
V2: 3.5 LOW
CVE-2015-4369

Cross-site scripting (XSS) vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Trick Question" permission to inject arbitrary web script or HTML via unspecified vectors.

Published: June 15, 2015; 10:59:27 AM -04:00
V2: 3.5 LOW
CVE-2015-4368

The Commerce Ogone module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to complete the checkout for an order without paying via unspecified vectors.

Published: June 15, 2015; 10:59:26 AM -04:00
V2: 5.0 MEDIUM
CVE-2015-4367

Cross-site scripting (XSS) vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content.

Published: June 15, 2015; 10:59:24 AM -04:00
V2: 3.5 LOW
CVE-2015-4366

Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.

Published: June 15, 2015; 10:59:23 AM -04:00
V2: 3.5 LOW
CVE-2015-4365

Cross-site scripting (XSS) vulnerability in the Taxonomy Accordion module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.

Published: June 15, 2015; 10:59:21 AM -04:00
V2: 3.5 LOW
CVE-2015-4364

Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/enable or (2) disable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/disable. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site).

Published: June 15, 2015; 10:59:19 AM -04:00
V2: 6.8 MEDIUM
CVE-2015-4363

Open redirect vulnerability in the finder_form_goto function in the Finder module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Published: June 15, 2015; 10:59:17 AM -04:00
V2: 5.8 MEDIUM
CVE-2015-4362

Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors.

Published: June 15, 2015; 10:59:16 AM -04:00
V2: 6.8 MEDIUM
CVE-2015-4361

Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors.

Published: June 15, 2015; 10:59:15 AM -04:00
V2: 6.8 MEDIUM
CVE-2015-4360

Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via unspecified vectors.

Published: June 15, 2015; 10:59:14 AM -04:00
V2: 6.8 MEDIUM