Filtered by vendor Drupal
Subscriptions
Filtered by product Drupal
Subscriptions
Total
709 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-3435 | 2 Drupal, Moshe Weitzman | 2 Drupal, Devel | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name. | ||||
CVE-2009-3363 | 2 Drupal, Ufku Bayburt | 2 Drupal, Bueditor | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor." | ||||
CVE-2009-3354 | 2 Andrew Sterling Hanenkamp, Drupal | 2 Rest Api Module, Drupal | 2024-11-21 | N/A |
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors. | ||||
CVE-2009-3353 | 2 Drupal, Steve Lockwood | 2 Drupal, Node2node | 2024-11-21 | N/A |
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors. | ||||
CVE-2009-3352 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors. | ||||
CVE-2009-3351 | 2 Drupal, Kristy Frey | 2 Drupal, Node Browser Module | 2024-11-21 | N/A |
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors. | ||||
CVE-2009-3350 | 2 Drupal, Roshan Shah | 2 Drupal, Subdomain Manager | 2024-11-21 | N/A |
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors. | ||||
CVE-2009-3210 | 2 Drupal, Joao Ventura | 2 Drupal, Print | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-3207 | 2 Drewish, Drupal | 2 Imagecache, Drupal | 2024-11-21 | N/A |
The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename. | ||||
CVE-2009-3206 | 2 Drewish, Drupal | 2 Imagecache, Drupal | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-3157 | 2 Drupal, Karen Stevenson | 2 Drupal, Calendar | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type. | ||||
CVE-2009-3156 | 2 Drupal, Karen Stevenson | 2 Drupal, Date | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field. | ||||
CVE-2009-3122 | 2 Chris Shattuck, Drupal | 2 Ajaxtable, Drupal | 2024-11-21 | N/A |
The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors. | ||||
CVE-2009-3121 | 2 Chris Shattuck, Drupal | 2 Ajaxtable, Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-2610 | 2 Drupal, Scott Courtney | 2 Drupal, Links Package | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field. | ||||
CVE-2009-2572 | 2 Drupal, Lullabot | 2 Drupal, Fivestar Module For Drupal | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes. | ||||
CVE-2009-2374 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache. | ||||
CVE-2009-2373 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-2372 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature. | ||||
CVE-2009-2371 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2024-11-21 | N/A |
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature. |