Search Results (946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1074 2 2bits, Drupal 2 Currency, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging.
CVE-2010-0752 2 Drupal, Earl Dunovant 2 Drupal, Week 2025-04-11 N/A
The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors.
CVE-2010-0697 2 Drupal, Ilya Ivanchenko 2 Drupal, Itweak Upload 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.
CVE-2010-0370 3 Drupal, Roger Lopez, Thomas Turnbull 3 Drupal, Nodeblock, Nodeblock 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title).
CVE-2009-5096 2 Drupal, Khalid Baheyeldin 2 Drupal, Flag Content 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter.
CVE-2009-4990 2 Drupal, Jrbcs 2 Drupal, Webform Report 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission.
CVE-2009-4829 3 Drupal, James Glasgow, John Vandervort 3 Drupal, Autologout, Autologout 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4773 2 Drupal, Ubercart 2 Drupal, Ubercart 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2009-4772 2 Drupal, Ubercart 2 Drupal, Ubercart 2025-04-11 N/A
Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors.
CVE-2009-4771 2 Drupal, Ubercart 2 Drupal, Ubercart 2025-04-11 N/A
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors.
CVE-2012-2059 2 Drupal, Steve Lockwood 2 Drupal, Ticketyboo News Ticker 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1659 2 Ariel Barreiro, Drupal 2 Noderecommendation, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1658 2 Drupal, Fourkitchens 2 Drupal, Ed Readmore 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1657 2 Drupal, Fourkitchens 2 Drupal, Block Class 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.
CVE-2012-1656 2 Drupal, Wesjones 2 Drupal, Multisite Search 2025-04-11 N/A
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field.
CVE-2012-1655 2 Drupal, Sven Decabooter 2 Drupal, Uc Paydutchgroup \/ Wedeal Payment 2025-04-11 N/A
Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors.
CVE-2012-1654 2 Alex Barth, Drupal 2 Data, Drupal 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in (1) data.views.inc and (2) data_ui/data_ui.admin.inc.
CVE-2012-1653 2 Collectivecolors, Drupal 2 Taxonomy View Integrator Module, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages."
CVE-2012-1652 3 Drupal, Wim Leers, Wimleers 3 Drupal, Hierarchical Select, Hierarchical Select 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text."
CVE-2012-1651 2 Drupal, Thinkleft 2 Drupal, Submenu Tree 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.