Search Results (946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2717 2 Drupal, Mathew Winstone 2 Drupal, Mobile Tools 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options.
CVE-2012-2721 2 Drupal, Moshe Weitzman 2 Drupal, Organic Groups 2025-04-11 N/A
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
CVE-2012-2722 2 Drupal, Scott Reynen 2 Drupal, Node Embed 2025-04-11 N/A
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.
CVE-2012-2723 2 Blaine Lang, Drupal 2 Maestro, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2727 2 Bryce Hamrick, Drupal 2 Janrain Capture, Drupal 2025-04-11 N/A
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
CVE-2012-2730 2 Alexis Wilke, Drupal 2 Protected Node, Drupal 2025-04-11 N/A
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions.
CVE-2012-2731 2 Drupal, Richardo Ante 2 Drupal, Ubercart Ajax Cart 2025-04-11 N/A
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
CVE-2012-2907 2 Drupal, Ishmael Sanchez 2 Drupal, Aberdeen 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.
CVE-2012-2922 1 Drupal 1 Drupal 2025-04-11 N/A
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
CVE-2012-3800 2 Drupal, Moshe Weitzman 2 Drupal, Organic Groups 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title.
CVE-2012-3802 2 Drupal, Peter Pokrivcak 2 Drupal, Post Affiliate Pro 2025-04-11 N/A
Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.
CVE-2013-1782 2 Devsaran, Drupal 2 Responsive Blog, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.
CVE-2013-1783 2 Devsaran, Drupal 2 Business, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1784 2 Devsaran, Drupal 2 Clean Theme, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1785 2 Devsaran, Drupal 2 Responsive, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2081 2 Drupal, Moshe Weitzman 2 Drupal, Organic Groups 2025-04-11 N/A
The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module.
CVE-2013-1887 2 Drupal, Views Project 2 Drupal, Views 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.
CVE-2013-1905 2 Catalin Florian Radut, Drupal 2 Zeropoint, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1906 2 Drupal, Wolfgang Ziegler 2 Drupal, Rules 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "administer rules" permission to inject arbitrary web script or HTML via a rule tag.
CVE-2013-1907 2 Acquia, Drupal 3 Commons, Commons Group, Drupal 2025-04-11 N/A
The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.