U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:drupal:drupal:7.43:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 220 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2009-1036

Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.

Published: March 20, 2009; 2:30:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-1035

Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS).

Published: March 20, 2009; 2:30:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-6413

Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question.

Published: March 06, 2009; 6:30:02 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-0818

Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information.

Published: March 04, 2009; 9:30:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2009-0817

Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.

Published: March 04, 2009; 9:30:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2008-6383

SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors.

Published: March 02, 2009; 2:30:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2008-6137

EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors.

Published: February 13, 2009; 9:30:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6135

Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 13, 2009; 9:30:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-6134

SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: February 13, 2009; 9:30:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-6020

SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."

Published: February 02, 2009; 5:00:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-0382

Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors.

Published: February 02, 2009; 2:30:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-5999

Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.

Published: January 28, 2009; 10:30:00 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2008-5998

Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.

Published: January 28, 2009; 10:30:00 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2008-5996

Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.

Published: January 28, 2009; 10:30:00 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2008-4710

Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 23, 2008; 1:17:14 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-4633

SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."

Published: October 20, 2008; 9:18:02 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2008-2629

SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.

Published: June 09, 2008; 8:32:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-1792

Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: April 15, 2008; 1:05:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-1731

The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.

Published: April 11, 2008; 3:05:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-0462

Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 25, 2008; 11:00:00 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM