U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 261 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2009-3652

Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095.

Published: October 09, 2009; 10:30:00 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2009-3651

Cross-site scripting (XSS) vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

Published: October 09, 2009; 10:30:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-3650

Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 09, 2009; 10:30:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-3648

Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names.

Published: October 09, 2009; 10:30:00 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2009-3568

Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed.

Published: October 06, 2009; 4:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-3488

Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479.

Published: September 30, 2009; 11:30:00 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2009-3479

Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.

Published: September 30, 2009; 11:30:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-3442

The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified vectors.

Published: September 28, 2009; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-3437

Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input."

Published: September 28, 2009; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-3435

Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name.

Published: September 28, 2009; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-3363

Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."

Published: September 24, 2009; 12:30:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-3354

Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.

Published: September 24, 2009; 12:30:02 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-3353

Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.

Published: September 24, 2009; 12:30:02 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-3352

Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.

Published: September 24, 2009; 12:30:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-3351

Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.

Published: September 24, 2009; 12:30:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-3350

Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.

Published: September 24, 2009; 12:30:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-3210

Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: September 16, 2009; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2009-3207

The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename.

Published: September 16, 2009; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-3206

Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors.

Published: September 16, 2009; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2009-3157

Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.

Published: September 10, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW