National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,061 matching records.
Displaying matches 861 through 880.
Vuln ID Summary CVSS Severity
CVE-2009-1505

SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.

Published: May 01, 2009; 01:30:00 PM -04:00
    V2: 6.5 MEDIUM
CVE-2009-1501

Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.

Published: May 01, 2009; 01:30:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2009-1344

Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality.

Published: April 20, 2009; 10:30:00 AM -04:00
    V2: 4.3 MEDIUM
CVE-2009-1343

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles.

Published: April 20, 2009; 10:30:00 AM -04:00
    V2: 4.3 MEDIUM
CVE-2009-1342

Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form.

Published: April 20, 2009; 10:30:00 AM -04:00
    V2: 4.3 MEDIUM
CVE-2009-1249

Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map.

Published: April 06, 2009; 12:30:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-6533

Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Published: March 26, 2009; 05:00:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-6532

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.

Published: March 26, 2009; 05:00:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2009-1069

Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module.

Published: March 26, 2009; 01:51:52 AM -04:00
    V2: 4.3 MEDIUM
CVE-2009-1047

Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail.

Published: March 23, 2009; 04:00:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2009-1037

Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API.

Published: March 20, 2009; 02:30:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2009-1036

Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.

Published: March 20, 2009; 02:30:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2009-1035

Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS).

Published: March 20, 2009; 02:30:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2009-1034

SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.

Published: March 20, 2009; 02:30:00 PM -04:00
    V2: 10.0 HIGH
CVE-2008-6413

Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question.

Published: March 06, 2009; 06:30:02 AM -05:00
    V2: 4.3 MEDIUM
CVE-2009-0818

Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information.

Published: March 04, 2009; 09:30:00 PM -05:00
    V2: 3.5 LOW
CVE-2009-0817

Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.

Published: March 04, 2009; 09:30:00 PM -05:00
    V2: 3.5 LOW
CVE-2008-6384

Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators.

Published: March 02, 2009; 02:30:00 PM -05:00
    V2: 6.8 MEDIUM
CVE-2008-6383

SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors.

Published: March 02, 2009; 02:30:00 PM -05:00
    V2: 6.0 MEDIUM
CVE-2008-6276

Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value.

Published: February 25, 2009; 06:30:00 PM -05:00
    V2: 6.5 MEDIUM