Filtered by vendor Drupal Subscriptions
Filtered by product Drupal Subscriptions
Total 709 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-1784 2 Devsaran, Drupal 2 Clean Theme, Drupal 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1783 2 Devsaran, Drupal 2 Business, Drupal 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1782 2 Devsaran, Drupal 2 Responsive Blog, Drupal 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.
CVE-2013-1781 2 Devsaran, Drupal 2 Professional Theme, Drupal 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1780 2 Devsaran, Drupal 2 Best Responsive, Drupal 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.
CVE-2013-1779 2 Devsaran, Drupal 2 Fresh, Drupal 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1778 2 Devsaran, Drupal 2 Creative, Drupal 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.
CVE-2013-1393 2 Curvycorners, Drupal 2 Curvycorners, Drupal 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0325 2 Drupal, Varnish Http Accelerator Integration Project 2 Drupal, Varnish 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting.
CVE-2013-0324 2 Drupal, Tomasbarej 2 Drupal, Menu Reference 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title.
CVE-2013-0323 2 Display Suite Project, Drupal 2 Ds, Drupal 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field.
CVE-2013-0322 2 Drupal, Ubercart 2 Drupal, Ubercart 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
CVE-2013-0321 2 Drupal, Ubercart Views Project 2 Drupal, Uc Views 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
CVE-2013-0320 2 Drupal, Mattias Hutterer 2 Drupal, Taxonomy Manager 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.
CVE-2013-0319 2 Drupal, Yandex.metrics Project 2 Drupal, Yandex Metrics 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.
CVE-2013-0318 2 Banckle Chat Project, Drupal 2 Banckle Chat, Drupal 2024-11-21 N/A
The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors.
CVE-2013-0317 2 Drupal, Joe Haskins 2 Drupal, Og Manager Change 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field.
CVE-2013-0316 1 Drupal 1 Drupal 2024-11-21 N/A
The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests.
CVE-2013-0260 2 Drupal, Elliot Pahl 2 Drupal, Drush Debian Packaging 2024-11-21 N/A
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.
CVE-2013-0259 2 Boxes Project, Drupal 2 Boxes, Drupal 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.