National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,053 matching records.
Displaying matches 241 through 260.
Vuln ID Summary CVSS Severity
CVE-2015-3354

Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors.

Published: April 21, 2015; 12:59:14 PM -04:00
    V2: 5.8 MEDIUM
CVE-2015-3353

Cross-site scripting (XSS) vulnerability in the Field Display Label module before 7.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the alternate field label in content types settings.

Published: April 21, 2015; 12:59:13 PM -04:00
    V2: 3.5 LOW
CVE-2015-3352

Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module before 6.x-1.8 and 7.x-1.x before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete a setting for (1) hidden form elements or (2) status messages via unspecified vectors, related to "report administration."

Published: April 21, 2015; 12:59:12 PM -04:00
    V2: 6.8 MEDIUM
CVE-2015-3351

Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable, (2) disable, or (3) delete a report via unspecified vectors.

Published: April 21, 2015; 12:59:11 PM -04:00
    V2: 6.8 MEDIUM
CVE-2015-3350

Cross-site request forgery (CSRF) vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that toggle a task via unspecified vectors.

Published: April 21, 2015; 12:59:10 PM -04:00
    V2: 6.8 MEDIUM
CVE-2015-3349

Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) deploy or (2) delete an .htaccess file via unspecified vectors.

Published: April 21, 2015; 12:59:09 PM -04:00
    V2: 6.8 MEDIUM
CVE-2015-3348

Cross-site scripting (XSS) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.

Published: April 21, 2015; 12:59:08 PM -04:00
    V2: 3.5 LOW
CVE-2015-3347

Cross-site request forgery (CSRF) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims via an unknown menu callback.

Published: April 21, 2015; 12:59:07 PM -04:00
    V2: 6.8 MEDIUM
CVE-2015-3346

SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: April 21, 2015; 12:59:06 PM -04:00
    V2: 7.5 HIGH
CVE-2015-3345

SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database."

Published: April 21, 2015; 12:59:05 PM -04:00
    V2: 6.5 MEDIUM
CVE-2015-3344

Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.

Published: April 21, 2015; 12:59:04 PM -04:00
    V2: 3.5 LOW
CVE-2015-3343

Cross-site request forgery (CSRF) vulnerability in the OPAC module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims for requests that remove a mapping via unknown vectors.

Published: April 21, 2015; 12:59:03 PM -04:00
    V2: 6.8 MEDIUM
CVE-2015-3342

Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination query parameter.

Published: April 21, 2015; 12:59:02 PM -04:00
    V2: 5.8 MEDIUM
CVE-2015-2559

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.

Published: March 25, 2015; 10:59:05 AM -04:00
    V2: 3.5 LOW
CVE-2015-2215

Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.

Published: March 05, 2015; 10:59:01 AM -05:00
    V2: 5.8 MEDIUM
CVE-2015-2197

Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.

Published: March 03, 2015; 02:59:03 PM -05:00
    V2: 3.5 LOW
CVE-2015-2101

Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 27, 2015; 10:59:04 AM -05:00
    V2: 4.3 MEDIUM
CVE-2015-2088

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Published: February 26, 2015; 10:59:02 AM -05:00
    V2: 4.3 MEDIUM
CVE-2015-2087

Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors.

Published: February 26, 2015; 10:59:01 AM -05:00
    V2: 6.5 MEDIUM
CVE-2015-2086

Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.

Published: February 26, 2015; 10:59:00 AM -05:00
    V2: 3.5 LOW