Search Results (946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1626 2 Drupal, Karen Stevenson 2 Drupal, Date 2025-04-11 N/A
SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1627 2 Drupal, Marvil07 2 Drupal, Vote Up Down 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms.
CVE-2012-1628 2 63reasons, Drupal 2 Supercron, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1629 2 Dmitry Loac, Drupal 2 Taxotouch, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1630 2 Drupal, Nestor Mata Cuthbert 2 Drupal, Taxonomy Navigator 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1631 2 Databasepublish, Drupal 2 Admin\, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and possibly other actions, via unspecified vectors.
CVE-2012-1632 2 Drupal, Erik Webb 2 Drupal, Password Policy 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter.
CVE-2012-1639 2 Commerceguys, Drupal 2 Commerce, Drupal 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters.
CVE-2012-1649 2 Danielb, Drupal 2 Cool Aid, Drupal 2025-04-11 N/A
Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors.
CVE-2012-1654 2 Alex Barth, Drupal 2 Data, Drupal 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in (1) data.views.inc and (2) data_ui/data_ui.admin.inc.
CVE-2012-1658 2 Drupal, Fourkitchens 2 Drupal, Ed Readmore 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1660 2 Drupal, Nathan Haug 2 Drupal, Webform 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.
CVE-2010-1530 2 Drupal, Reyero 2 Drupal, I18n 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.
CVE-2010-1536 2 Drupal, Mearra 2 Drupal, Addthis 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1539 2 Drupal, John Vandyk 2 Drupal, Workflow 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field.
CVE-2011-4113 2 Drupal, Earl Miles 2 Drupal, Views 2025-04-11 N/A
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."
CVE-2011-4560 1 Drupal 2 Drupal, Petition Node Module 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.
CVE-2012-1060 2 Drupal, Rik De Boer 2 Drupal, Revisioning 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters.
CVE-2012-2056 2 Drupal, Nathan Brink 2 Drupal, Content Lock 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-2062 2 Drupal, Sami Kiminki 2 Drupal, Redirecting Click Bouncer 2025-04-11 N/A
Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.