National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,049 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2015-3370

Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via unspecified vectors.

Published: April 21, 2015; 12:59:29 PM -04:00
V2: 6.8 MEDIUM
CVE-2015-3369

Cross-site scripting (XSS) vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a term name in a block.

Published: April 21, 2015; 12:59:28 PM -04:00
V2: 3.5 LOW
CVE-2015-3368

Cross-site scripting (XSS) vulnerability in the administration user interface in the Classified Ads module before 6.x-3.1 and 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a category name.

Published: April 21, 2015; 12:59:27 PM -04:00
V2: 3.5 LOW
CVE-2015-3367

Multiple cross-site request forgery (CSRF) vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) restore, (2) publish, or (3) unpublish a pattern via unspecified vectors.

Published: April 21, 2015; 12:59:26 PM -04:00
V2: 6.8 MEDIUM
CVE-2015-3366

Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors.

Published: April 21, 2015; 12:59:25 PM -04:00
V2: 5.8 MEDIUM
CVE-2015-3365

Cross-site scripting (XSS) vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block.

Published: April 21, 2015; 12:59:24 PM -04:00
V2: 3.5 LOW
CVE-2015-3364

Cross-site scripting (XSS) vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message.

Published: April 21, 2015; 12:59:23 PM -04:00
V2: 4.3 MEDIUM
CVE-2015-3363

Cross-site request forgery (CSRF) vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete fields via unspecified vectors.

Published: April 21, 2015; 12:59:22 PM -04:00
V2: 6.8 MEDIUM
CVE-2015-3362

Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title.

Published: April 21, 2015; 12:59:21 PM -04:00
V2: 3.5 LOW
CVE-2015-3361

Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title.

Published: April 21, 2015; 12:59:20 PM -04:00
V2: 2.1 LOW
CVE-2015-3360

Cross-site scripting (XSS) vulnerability in the Term Merge module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: April 21, 2015; 12:59:19 PM -04:00
V2: 3.5 LOW
CVE-2015-3359

Multiple cross-site scripting (XSS) vulnerabilities in the Room Reservations module before 7.x-1.1 for Drupal allow remote authenticated users with the "Administer the room reservations system" permission to inject arbitrary web script or HTML via the (1) node title of a "Room Reservations Category" or (2) body of a "Room Reservations Room" node.

Published: April 21, 2015; 12:59:19 PM -04:00
V2: 3.5 LOW
CVE-2015-3358

Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a destination parameter, related to callbacks that (1) enable and disable modules or (2) change variables.

Published: April 21, 2015; 12:59:17 PM -04:00
V2: 5.8 MEDIUM
CVE-2015-3357

Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message.

Published: April 21, 2015; 12:59:16 PM -04:00
V2: 3.5 LOW
CVE-2015-3356

Multiple cross-site request forgery (CSRF) vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) enable or (2) disable modules or (3) change variables via unspecified vectors.

Published: April 21, 2015; 12:59:15 PM -04:00
V2: 6.8 MEDIUM
CVE-2015-3355

Multiple cross-site request forgery (CSRF) vulnerabilities in the Batch Jobs module before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of certain users for requests that (1) delete a batch job record or (2) execute a task via unspecified vectors.

Published: April 21, 2015; 12:59:14 PM -04:00
V2: 6.8 MEDIUM
CVE-2015-3354

Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors.

Published: April 21, 2015; 12:59:14 PM -04:00
V2: 5.8 MEDIUM
CVE-2015-3353

Cross-site scripting (XSS) vulnerability in the Field Display Label module before 7.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the alternate field label in content types settings.

Published: April 21, 2015; 12:59:13 PM -04:00
V2: 3.5 LOW
CVE-2015-3352

Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module before 6.x-1.8 and 7.x-1.x before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete a setting for (1) hidden form elements or (2) status messages via unspecified vectors, related to "report administration."

Published: April 21, 2015; 12:59:12 PM -04:00
V2: 6.8 MEDIUM
CVE-2015-3351

Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable, (2) disable, or (3) delete a report via unspecified vectors.

Published: April 21, 2015; 12:59:11 PM -04:00
V2: 6.8 MEDIUM