Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Drupal
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-4386 |
Multiple cross-site scripting (XSS) vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML via unknown vectors involving creating or editing (1) comments, (2) taxonomy terms, or (3) nodes. Published: June 15, 2015; 10:59:42 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-4385 |
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Imagefield Info module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "Administer image styles" permission to inject arbitrary web script or HTML via unspecified vectors. Published: June 15, 2015; 10:59:41 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-4384 |
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Checkout Pane module 6.x-3.x before 6.x-3.10 and 7.x-3.x before 7.x-3.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. Published: June 15, 2015; 10:59:40 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4383 |
Cross-site request forgery (CSRF) vulnerability in the Decisions module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that remove individual voters via unspecified vectors. Published: June 15, 2015; 10:59:39 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-4382 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices via unspecified vectors. Published: June 15, 2015; 10:59:38 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-4381 |
Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML via unspecified vectors involving nodes of the "Invoice" content type. Published: June 15, 2015; 10:59:37 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4380 |
Cross-site scripting (XSS) vulnerability in the Linear Case module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. Published: June 15, 2015; 10:59:36 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4379 |
Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors. Published: June 15, 2015; 10:59:36 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-4378 |
Cross-site scripting (XSS) vulnerability in the Crumbs module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "Administer Crumbs" permission to inject arbitrary web script or HTML via a custom breadcrumb separator. Published: June 15, 2015; 10:59:35 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-4377 |
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Petition module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with the "create petition" permission to inject arbitrary web script or HTML via unknown vectors. Published: June 15, 2015; 10:59:34 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-4376 |
Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecified vectors. Published: June 15, 2015; 10:59:33 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4375 |
The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity. Published: June 15, 2015; 10:59:32 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-4373 |
Cross-site scripting (XSS) vulnerability in the OG tabs module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes posted in an Organic Groups group. Published: June 15, 2015; 10:59:31 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4372 |
Cross-site scripting (XSS) vulnerability in the Image Title module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. Published: June 15, 2015; 10:59:31 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4371 |
Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. Published: June 15, 2015; 10:59:30 AM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2015-4370 |
Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms. Published: June 15, 2015; 10:59:29 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4369 |
Cross-site scripting (XSS) vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Trick Question" permission to inject arbitrary web script or HTML via unspecified vectors. Published: June 15, 2015; 10:59:27 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4368 |
The Commerce Ogone module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to complete the checkout for an order without paying via unspecified vectors. Published: June 15, 2015; 10:59:26 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-4367 |
Cross-site scripting (XSS) vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content. Published: June 15, 2015; 10:59:24 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4366 |
Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. Published: June 15, 2015; 10:59:23 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |