Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Drupal
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-8319 |
Cross-site scripting (XSS) vulnerability in the easy_social_admin_summary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title. Published: October 17, 2014; 10:55:03 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-8318 |
Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label title, when two fields have the same form_key. Published: October 17, 2014; 10:55:03 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-8317 |
Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text. Published: October 17, 2014; 10:55:02 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-8296 |
Cross-site scripting (XSS) vulnerability in the Modal Frame API module 6.x-1.x before 6.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: October 16, 2014; 10:55:03 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-3704 |
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. Published: October 15, 2014; 8:55:06 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-8765 |
Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page. Published: October 14, 2014; 10:55:07 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-8748 |
Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name. Published: October 13, 2014; 2:55:03 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-8747 |
Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages. Published: October 13, 2014; 2:55:03 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-8746 |
Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. Published: October 13, 2014; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-8745 |
Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label. Published: October 13, 2014; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-8744 |
Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title. Published: October 13, 2014; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-8743 |
Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name. Published: October 13, 2014; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-8079 |
Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting. Published: October 09, 2014; 10:55:06 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-8078 |
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes. Published: October 09, 2014; 10:55:06 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-8077 |
Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property. Published: October 09, 2014; 10:55:06 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-8076 |
Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information. Published: October 09, 2014; 10:55:06 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-8075 |
Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title. Published: October 09, 2014; 10:55:06 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-7980 |
Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings. Published: October 08, 2014; 2:55:04 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-7979 |
Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. Published: October 08, 2014; 2:55:04 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-7978 |
Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. Published: October 08, 2014; 2:55:04 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |