ReportizFlow
Filtered by vendor Drupal
Subscriptions
Total
889 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6530 | 1 Drupal | 1 Help Tip Module | 2025-04-09 | N/A |
| SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-6531 | 1 Drupal | 1 Help Tip Module | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles. | ||||
| CVE-2006-6646 | 1 Drupal | 2 Drupal Project, Drupal Project Issue Tracking | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function. | ||||
| CVE-2006-6647 | 1 Drupal | 1 Drupal Mysite | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page. NOTE: some details were obtained from third party information. | ||||
| CVE-2009-2370 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2371 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2025-04-09 | N/A |
| Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature. | ||||
| CVE-2007-6298 | 1 Drupal | 1 Shoutbox | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages. | ||||
| CVE-2009-3121 | 2 Chris Shattuck, Drupal | 2 Ajaxtable, Drupal | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3916 | 2 Drupal, Ronan Dowling | 2 Drupal, Nodehierarchy | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title. | ||||
| CVE-2009-4042 | 2 Drupal, Marek Sotak | 2 Drupal, Rootcandy | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. | ||||
| CVE-2009-4063 | 2 Drupal, Ezra Barnett Gildesgame | 2 Drupal, Og Subgroups | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles. | ||||
| CVE-2009-4558 | 2 Drupal, Unleashedmind | 2 Drupal, Img Assist | 2025-04-09 | N/A |
| The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors. | ||||
| CVE-2006-7109 | 1 Drupal | 1 Imce Module | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif. | ||||
| CVE-2008-2773 | 1 Drupal | 1 Taxonomy Image Module | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-3500 | 1 Drupal | 1 Suggested Terms Module | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms. | ||||
| CVE-2007-0505 | 1 Drupal | 2 Project, Project Issue Tracking Module | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue. | ||||
| CVE-2007-0507 | 1 Drupal | 1 Acidfree | 2025-04-09 | N/A |
| SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles. | ||||
| CVE-2007-0534 | 1 Drupal | 2 Project, Project Issue Tracking Module | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking." | ||||
| CVE-2009-3351 | 2 Drupal, Kristy Frey | 2 Drupal, Node Browser Module | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors. | ||||
| CVE-2009-2237 | 2 Drupal, Karim Ratib | 2 Drupal, Views Bulk Operations | 2025-04-09 | N/A |
| Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions). | ||||