Filtered by vendor Drupal Subscriptions
Filtered by product Drupal Subscriptions
Total 709 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2009-4119 2 Alex Barth, Drupal 2 Feed Element Mapper, Drupal 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4066 2 Drupal, Paul Beaney 2 Drupal, Phplist 2024-11-21 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists.
CVE-2009-4065 2 Drupal, Jeff Miccolis 2 Drupal, Strongarm Module 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables.
CVE-2009-4064 2 Drupal, Puntolatinoclub 2 Drupal, Gallery Assist Module 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via node titles.
CVE-2009-4063 2 Drupal, Ezra Barnett Gildesgame 2 Drupal, Og Subgroups 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles.
CVE-2009-4062 2 Anon-design, Drupal 2 Printfriendly, Drupal 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4061 2 Drupal, Yuriy Babenko 2 Drupal, Agreement Module 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4044 2 Bruno Massa, Drupal 2 Web Services, Drupal 2024-11-21 N/A
The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors.
CVE-2009-4043 2 Drupal, Patrick Przybilla 2 Drupal, Addtoany 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title.
CVE-2009-4042 2 Drupal, Marek Sotak 2 Drupal, Rootcandy 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2009-3922 2 Chad Phillips, Drupal 2 Userprotect, Drupal 2024-11-21 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certain type of administrative-bypass rule.
CVE-2009-3921 2 Drupal, Ezra Barnett Gildesgame 2 Drupal, Smartqueue Og 2024-11-21 N/A
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.
CVE-2009-3920 2 Drupal, Sean Robertson 2 Drupal, Crmngp 2024-11-21 N/A
An administration page in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors.
CVE-2009-3919 2 Drupal, Sean Robertson 2 Drupal, Crmngp 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information."
CVE-2009-3918 2 Drupal, Karim Ratib 2 Drupal, Zoomify 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title.
CVE-2009-3917 2 Drupal, Greg Knaddison 2 Drupal, S5 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element.
CVE-2009-3916 2 Drupal, Ronan Dowling 2 Drupal, Nodehierarchy 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title.
CVE-2009-3915 2 Drupal, John C Fiala 2 Drupal, Link 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.
CVE-2009-3914 2 Drupal, Wolfgang Ziegler 2 Drupal, Temporary Invitation 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation.
CVE-2009-3786 2 Drupal, Moshe Weitzman 2 Drupal, Og Vocab 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title.