Filtered by vendor Drupal Subscriptions
Filtered by product Drupal Subscriptions
Total 721 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-1657 2 Drupal, Fourkitchens 2 Drupal, Block Class 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.
CVE-2012-1653 2 Collectivecolors, Drupal 2 Taxonomy View Integrator Module, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages."
CVE-2011-5030 2 Drupal, Valthbald 2 Drupal, Meta Tags Quick 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names of entity bundles."
CVE-2012-1643 2 Drupal, Jason Savino 2 Drupal, Fp 2025-04-11 N/A
The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vectors.
CVE-2012-1636 2 Drupal, Luke Herrington 2 Drupal, Stickynote 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors.
CVE-2011-4113 2 Drupal, Earl Miles 2 Drupal, Views 2025-04-11 N/A
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."
CVE-2012-4491 2 Drupal, Earl Dunovant 2 Drupal, Monthly Archive By Node Type 2025-04-11 N/A
The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors.
CVE-2012-1635 2 Drupal, Rik De Boer 2 Drupal, Revisioning 2025-04-11 N/A
The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.
CVE-2012-1625 2 Drupal, Wizonesolutions 2 Drupal, Fillpdf 2025-04-11 N/A
Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. NOTE: Some of these details are obtained from third party information.
CVE-2012-4473 2 Christian Johansson, Drupal 2 Restrict Node Page View, Drupal 2025-04-11 N/A
The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished nodes via a direct request.
CVE-2012-1590 1 Drupal 1 Drupal 2025-04-11 N/A
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
CVE-2012-1589 1 Drupal 1 Drupal 2025-04-11 N/A
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.
CVE-2012-4487 2 Boombatower, Drupal 2 Subuser, Drupal 2025-04-11 N/A
The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created.
CVE-2013-0182 2 Bart Feenstra, Drupal 2 Payment, Drupal 2025-04-11 N/A
The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments.
CVE-2012-5655 2 Drupal, Steven Jones 2 Drupal, Context 2025-04-11 N/A
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request.
CVE-2012-5654 2 Drupal, Nodewords Project 2 Drupal, Nodewords 2025-04-11 N/A
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags.
CVE-2013-0181 2 Drupal, Thomas Seidl 2 Drupal, Search Api 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.
CVE-2012-5653 2 Debian, Drupal 2 Debian Linux, Drupal 2025-04-11 N/A
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.
CVE-2012-5652 1 Drupal 1 Drupal 2025-04-11 N/A
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.
CVE-2012-4486 2 Boombatower, Drupal 2 Subuser, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors.