Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,083 matching records.
Displaying matches 341 through 360.
Columns: Vuln ID, Summary, CVSS Severity
CVE-2014-8744

Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title.

Published: October 13, 2014; 2:55:02 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8743

Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name.

Published: October 13, 2014; 2:55:02 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8079

Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting.

Published: October 09, 2014; 10:55:06 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2014-8078

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes.

Published: October 09, 2014; 10:55:06 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8077

Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property.

Published: October 09, 2014; 10:55:06 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8076

Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information.

Published: October 09, 2014; 10:55:06 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8075

Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.

Published: October 09, 2014; 10:55:06 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-7980

Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings.

Published: October 08, 2014; 2:55:04 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-7979

Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.

Published: October 08, 2014; 2:55:04 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-7978

Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.

Published: October 08, 2014; 2:55:04 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-7870

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via the "Label text" field to admin/config/search/custom_search/results.

Published: October 06, 2014; 10:55:12 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-7869

Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer contexts" permission to inject arbitrary web script or HTML via unspecified vectors.

Published: October 06, 2014; 10:55:12 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-5267

modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.

Published: September 30, 2014; 10:55:08 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-5456

Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbitrary web script or HTML via vectors related to the configuration.

Published: August 25, 2014; 12:55:05 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-5266

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.

Published: August 18, 2014; 7:15:27 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-5265

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Published: August 18, 2014; 7:15:27 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-5250

Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via unspecified vectors.

Published: August 14, 2014; 2:47:07 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-5249

SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: August 14, 2014; 2:47:07 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-5179

The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link.

Published: August 06, 2014; 2:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-5022

Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.

Published: July 22, 2014; 10:55:10 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM