Search

Search Results (366583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4355 1 Watchdog Aggregator Project 1 Watchdog Aggregator 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Watchdog Aggregator module for Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable monitoring sites via unspecified vectors.
CVE-2015-4356 1 Webform Project 1 Webform 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform.
CVE-2015-4357 1 Webform Project 1 Webform 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title, which is used as the default title of a webform block.
CVE-2015-4358 1 Ubercart Discount Coupons Project 1 Ubercart Discount Coupons 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Ubercart Discount Coupons module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
CVE-2015-4359 1 Registration Codes Project 1 Registration Codes 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-4360 1 Registration Codes Project 1 Registration Codes 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via unspecified vectors.
CVE-2015-4361 1 Registration Codes Project 1 Registration Codes 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors.
CVE-2015-4362 1 Tracking Code Project 1 Tracking Code 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors.
CVE-2015-4363 1 Finder Project 1 Finder 2025-04-12 N/A
Open redirect vulnerability in the finder_form_goto function in the Finder module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2015-4364 1 Campaign Monitor Project 1 Campaign Monitor 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/enable or (2) disable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/disable. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site).
CVE-2015-4365 1 Taxonomy Accordion Project 1 Taxonomy Accordion 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Taxonomy Accordion module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
CVE-2015-4366 1 Mover Project 1 Mover 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-4367 1 Simple Subscription Project 1 Simple Subscription 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content.
CVE-2015-4368 1 Commerce Ogone Project 1 Commerce Ogone 2025-04-12 N/A
The Commerce Ogone module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to complete the checkout for an order without paying via unspecified vectors.
CVE-2015-4369 1 Trick Question Project 1 Trick Question 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Trick Question" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-4370 1 Site Documentation Project 1 Site Documentation 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
CVE-2015-4371 1 Perfecto Project 1 Perfecto 2025-04-12 N/A
Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.
CVE-2015-4372 1 Image Title Project 1 Image Title 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Image Title module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-4373 1 Og Tabs Project 1 Og Tabs 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the OG tabs module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes posted in an Organic Groups group.
CVE-2015-4374 1 Webform Project 1 Webform 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name in the recipient (To) address of an email.