Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,083 matching records.
Displaying matches 321 through 340.
Vuln ID Summary CVSS Severity
CVE-2014-8735

The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file.

Published: November 12, 2014; 11:55:07 AM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2014-8734

The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors.

Published: November 12, 2014; 11:55:07 AM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2013-4594

The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.

Published: October 25, 2014; 6:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-7407

Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Published: October 22, 2014; 10:55:06 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-8379

Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform or (2) User sub-modules.

Published: October 21, 2014; 11:55:08 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8378

Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to the field help text in an entity edit form.

Published: October 21, 2014; 11:55:08 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8376

Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings.

Published: October 21, 2014; 11:55:08 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2013-7406

SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: October 21, 2014; 10:55:03 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-5169

Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.

Published: October 20, 2014; 1:55:06 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8320

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the "Label text" field to the results configuration page.

Published: October 17, 2014; 10:55:03 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8319

Cross-site scripting (XSS) vulnerability in the easy_social_admin_summary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title.

Published: October 17, 2014; 10:55:03 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8318

Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label title, when two fields have the same form_key.

Published: October 17, 2014; 10:55:03 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8317

Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text.

Published: October 17, 2014; 10:55:02 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8296

Cross-site scripting (XSS) vulnerability in the Modal Frame API module 6.x-1.x before 6.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 16, 2014; 10:55:03 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

Published: October 15, 2014; 8:55:06 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8765

Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page.

Published: October 14, 2014; 10:55:07 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-8748

Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name.

Published: October 13, 2014; 2:55:03 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8747

Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages.

Published: October 13, 2014; 2:55:03 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-8746

Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.

Published: October 13, 2014; 2:55:02 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8745

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label.

Published: October 13, 2014; 2:55:02 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW