Filtered by vendor Drupal
Subscriptions
Total
889 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-7109 | 1 Drupal | 1 Imce Module | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif. | ||||
| CVE-2006-7110 | 1 Drupal | 1 Imce Module | 2025-04-09 | N/A |
| Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences. | ||||
| CVE-2008-3500 | 1 Drupal | 1 Suggested Terms Module | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms. | ||||
| CVE-2008-1980 | 1 Drupal | 2 Drupal, E-publish | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-0658 | 1 Drupal | 2 Drupal, Textimage | 2025-04-09 | N/A |
| The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION. | ||||
| CVE-2008-1978 | 1 Drupal | 2 Drupal, Ubercart Module | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428. | ||||
| CVE-2008-1428 | 1 Drupal | 1 Ubercart Module | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product. | ||||
| CVE-2008-0823 | 1 Drupal | 1 Header Image | 2025-04-09 | N/A |
| Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors. | ||||
| CVE-2008-0570 | 1 Drupal | 1 Openid | 2025-04-09 | N/A |
| The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers. | ||||
| CVE-2008-0569 | 1 Drupal | 1 Comment Upload Module | 2025-04-09 | N/A |
| The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors. | ||||
| CVE-2008-0463 | 1 Drupal | 1 Workflow | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties. | ||||
| CVE-2008-0277 | 1 Drupal | 1 Fileshare Module | 2025-04-09 | N/A |
| Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors. | ||||
| CVE-2008-0274 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files. | ||||
| CVE-2007-1033 | 1 Drupal | 1 Secure Site Module | 2025-04-09 | N/A |
| Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL. | ||||
| CVE-2007-1035 | 1 Drupal | 3 Audio Module, Getid3, Mediafield Module | 2025-04-09 | N/A |
| Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors. | ||||
| CVE-2007-4363 | 1 Drupal | 1 Content Construction Kit | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module. | ||||
| CVE-2009-0603 | 1 Drupal | 2 Drupal, Link Module | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0817 | 1 Drupal | 2 Drupal, Protected Node Module | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module. | ||||
| CVE-2009-4370 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview. | ||||
| CVE-2009-1501 | 2 Drupal, Exif | 2 Drupal, Exif | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image. | ||||