Filtered by vendor Drupal
Subscriptions
Filtered by product Drupal
Subscriptions
Total
724 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-2712 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2025-04-11 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors. | ||||
CVE-2012-2713 | 2 Browserid Project, Drupal | 2 Browserid, Drupal | 2025-04-11 | N/A |
Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site. | ||||
CVE-2012-2716 | 2 David Stosik, Drupal | 2 Comment Moderation, Drupal | 2025-04-11 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments. | ||||
CVE-2012-2718 | 2 Drupal, Drupal-id | 2 Drupal, Counter Module | 2025-04-11 | N/A |
SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits." | ||||
CVE-2012-2719 | 2 Blaine Lang, Drupal | 2 Filedepot, Drupal | 2025-04-11 | N/A |
The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka "Session Management Vulnerability." | ||||
CVE-2012-2728 | 2 Drupal, Ronan Dowling | 2 Drupal, Node Hierarchy | 2025-04-11 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action. | ||||
CVE-2012-2729 | 2 Adcillc, Drupal | 2 Simplemeta, Drupal | 2025-04-11 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry. | ||||
CVE-2012-2730 | 2 Alexis Wilke, Drupal | 2 Protected Node, Drupal | 2025-04-11 | N/A |
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions. | ||||
CVE-2012-2731 | 2 Drupal, Richardo Ante | 2 Drupal, Ubercart Ajax Cart | 2025-04-11 | N/A |
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage. | ||||
CVE-2012-2907 | 2 Drupal, Ishmael Sanchez | 2 Drupal, Aberdeen | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. | ||||
CVE-2012-2299 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-11 | N/A |
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database. | ||||
CVE-2012-3802 | 2 Drupal, Peter Pokrivcak | 2 Drupal, Post Affiliate Pro | 2025-04-11 | N/A |
Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors. | ||||
CVE-2012-4470 | 2 Drupal, Philip Ludlam | 2 Drupal, Listhandler | 2025-04-11 | N/A |
The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact. | ||||
CVE-2012-4471 | 2 Dominique Clause, Drupal | 2 Search Autocomplete, Drupal | 2025-04-11 | N/A |
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors. | ||||
CVE-2012-4473 | 2 Christian Johansson, Drupal | 2 Restrict Node Page View, Drupal | 2025-04-11 | N/A |
The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished nodes via a direct request. | ||||
CVE-2012-4475 | 2 Drupal, Security Questions Project | 2 Drupal, Security Questions | 2025-04-11 | N/A |
The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and answers via unspecified vectors. | ||||
CVE-2012-4476 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-4478 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2025-04-11 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators. | ||||
CVE-2012-4479 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2025-04-11 | N/A |
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2012-2298 | 2 Drupal, Nancy Wichmann | 3 Drupal, Realname, Realname | 2025-04-11 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks." |