Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0181 |
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. Published: March 27, 2013; 5:55:01 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2013-0227 |
Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels. Published: March 19, 2013; 10:55:02 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-0225 |
Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name. Published: March 19, 2013; 10:55:02 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-0224 |
The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file. Published: March 19, 2013; 10:55:02 AM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2013-0207 |
Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Published: March 19, 2013; 10:55:02 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-0206 |
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. Published: March 19, 2013; 10:55:02 AM -0400 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2012-5655 |
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request. Published: January 02, 2013; 8:55:03 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-5654 |
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags. Published: January 02, 2013; 8:55:03 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-5591 |
Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the path aliases. Published: December 26, 2012; 12:55:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-5590 |
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: December 26, 2012; 12:55:02 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-5589 |
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link. Published: December 26, 2012; 12:55:02 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2012-5588 |
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors. Published: December 26, 2012; 12:55:02 PM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2012-5587 |
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link. Published: December 26, 2012; 12:55:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-5586 |
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource." Published: December 26, 2012; 12:55:02 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-5585 |
Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token. Published: December 26, 2012; 12:55:02 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-5584 |
The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block. Published: December 26, 2012; 12:55:01 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-6065 |
The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553. Published: December 03, 2012; 4:55:03 PM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2012-5569 |
Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message. Published: December 03, 2012; 4:55:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-5557 |
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password. Published: December 03, 2012; 4:55:02 PM -0500 |
V3.x:(not available) V2.0: 3.6 LOW |
CVE-2012-5556 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. Published: December 03, 2012; 4:55:02 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |