Search Results (Refine Search)
- Keyword (text search): Drupal
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2006-6646 |
Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function. Published: December 19, 2006; 9:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-6647 |
Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page. NOTE: some details were obtained from third party information. Published: December 19, 2006; 9:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-6528 |
The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges. Published: December 13, 2006; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-6529 |
The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview. Published: December 13, 2006; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-6530 |
SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: December 13, 2006; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-6531 |
Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles. Published: December 13, 2006; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-6386 |
Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display. Published: December 07, 2006; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-5608 |
SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs." Published: October 30, 2006; 6:07:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-5475 |
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. Published: October 24, 2006; 4:07:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-5476 |
Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. Published: October 24, 2006; 4:07:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-5477 |
Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. Published: October 24, 2006; 4:07:00 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2006-4947 |
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output." Published: September 22, 2006; 9:07:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-4949 |
Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters. Published: September 22, 2006; 9:07:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2006-4821 |
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: September 15, 2006; 6:07:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2006-4717 |
The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors. Published: September 12, 2006; 12:07:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-4646 |
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: September 08, 2006; 5:04:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-4355 |
Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: August 26, 2006; 10:04:00 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2006-4356 |
SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: August 26, 2006; 10:04:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-4360 |
Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors. Published: August 26, 2006; 10:04:00 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2006-4120 |
Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: August 14, 2006; 7:04:00 PM -0400 |
V3.x:(not available) V2.0: 5.1 MEDIUM |