Filtered by vendor Drupal
Subscriptions
Filtered by product Drupal
Subscriptions
Total
709 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-1784 | 2 Devsaran, Drupal | 2 Clean Theme, Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2013-1783 | 2 Devsaran, Drupal | 2 Business, Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2013-1782 | 2 Devsaran, Drupal | 2 Responsive Blog, Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. | ||||
CVE-2013-1781 | 2 Devsaran, Drupal | 2 Professional Theme, Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2013-1780 | 2 Devsaran, Drupal | 2 Best Responsive, Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. | ||||
CVE-2013-1779 | 2 Devsaran, Drupal | 2 Fresh, Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2013-1778 | 2 Devsaran, Drupal | 2 Creative, Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. | ||||
CVE-2013-1393 | 2 Curvycorners, Drupal | 2 Curvycorners, Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2013-0325 | 2 Drupal, Varnish Http Accelerator Integration Project | 2 Drupal, Varnish | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting. | ||||
CVE-2013-0324 | 2 Drupal, Tomasbarej | 2 Drupal, Menu Reference | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title. | ||||
CVE-2013-0323 | 2 Display Suite Project, Drupal | 2 Ds, Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field. | ||||
CVE-2013-0322 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. | ||||
CVE-2013-0321 | 2 Drupal, Ubercart Views Project | 2 Drupal, Uc Views | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. | ||||
CVE-2013-0320 | 2 Drupal, Mattias Hutterer | 2 Drupal, Taxonomy Manager | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors. | ||||
CVE-2013-0319 | 2 Drupal, Yandex.metrics Project | 2 Drupal, Yandex Metrics | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data. | ||||
CVE-2013-0318 | 2 Banckle Chat Project, Drupal | 2 Banckle Chat, Drupal | 2024-11-21 | N/A |
The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors. | ||||
CVE-2013-0317 | 2 Drupal, Joe Haskins | 2 Drupal, Og Manager Change | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field. | ||||
CVE-2013-0316 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests. | ||||
CVE-2013-0260 | 2 Drupal, Elliot Pahl | 2 Drupal, Drush Debian Packaging | 2024-11-21 | N/A |
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors. | ||||
CVE-2013-0259 | 2 Boxes Project, Drupal | 2 Boxes, Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter. |