Total
721 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1663 | 2 Drupal, Icanlocalize | 2 Drupal, Translation Management | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-1661 | 2 Drupal, Nicholas Thompson | 2 Drupal, Node Quick Find | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature. | |||||
| CVE-2011-1662 | 2 Drupal, Icanlocalize | 2 Drupal, Translation Management | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-0771 | 2 Drupal, Janrain | 2 Drupal, Rpx | 2017-08-17 | 6.8 MEDIUM | N/A |
| The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site. | |||||
| CVE-2011-1066 | 2 Drupal, Reyero | 2 Drupal, Messaging | 2017-08-17 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4775 | 2 Drupal, Nicholas Thompson | 2 Drupal, Relevant Content | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships. | |||||
| CVE-2011-0899 | 2 Drupal, Johan Lindskog | 2 Drupal, Aes Encryption Module | 2017-08-17 | 5.0 MEDIUM | N/A |
| The AES encryption module 7.x-1.4 for Drupal leaves certain debugging code enabled in release, which records the plaintext password of the last logged-in user and allows remote attackers to gain privileges as that user. | |||||
| CVE-2010-0697 | 2 Drupal, Ilya Ivanchenko | 2 Drupal, Itweak Upload | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file. | |||||
| CVE-2010-2724 | 2 Drupal, Wimleers | 2 Drupal, Hierarchical Select | 2017-08-17 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form. | |||||
| CVE-2010-2048 | 2 Drupal, Menhir | 2 Drupal, Heartbeat | 2017-08-17 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1303 | 2 Drupal, Jim Berry | 2 Drupal, Taxonomy Filter | 2017-08-17 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus. | |||||
| CVE-2010-2125 | 2 Drupal, Systemseed | 2 Drupal, Rotor | 2017-08-17 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute. | |||||
| CVE-2010-1107 | 2 Drupal, Fourkitchens | 2 Drupal, Recent Comments | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface." | |||||
| CVE-2010-1108 | 2 Drupal, Hashmarkconsulting | 2 Drupal, Controlpanel | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1584 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2017-08-17 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description. | |||||
| CVE-2010-1543 | 2 Drupal, Etracker | 2 Drupal, Etracker | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the eTracker module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML by appending a crafted string to an arbitrary URL associated with the Drupal site. | |||||
| CVE-2010-1976 | 2 Drupal, Michael Nichols | 2 Drupal, Taxonomy Breadcrumb | 2017-08-17 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display. | |||||
| CVE-2010-1539 | 2 Drupal, John Vandyk | 2 Drupal, Workflow | 2017-08-17 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field. | |||||
| CVE-2010-3423 | 2 Drupal, Freka | 2 Drupal, Yr Verdata | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method. | |||||
| CVE-2010-2353 | 2 Drupal, Yves Chedemois | 2 Drupal, Cck | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes. | |||||