Vulnerabilities > Drupal
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-10-09 | CVE-2013-4384 | Cross-Site Scripting vulnerability in Google Site Search Project Google Site Search Module | Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API. | 4.3 |
2013-09-30 | CVE-2013-5965 | Permissions, Privileges, and Access Controls vulnerability in Adcisolutions Node View Permissions 7.X1.0/7.X1.1 | The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing. | 5.0 |
2013-09-30 | CVE-2013-5964 | Cross-Site Scripting vulnerability in Joachim Noreiko Flag Module 7.X3.0 | Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title. | 2.1 |
2013-09-25 | CVE-2013-5938 | Cross-Site Scripting vulnerability in Click2Sell Suite Module 6.X1.0 | Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form. | 4.3 |
2013-09-25 | CVE-2013-5937 | Cross-Site Request Forgery (CSRF) vulnerability in Click2Sell Suite Module 6.X1.0 | Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors involving the Drupal Form API. | 6.8 |
2013-08-28 | CVE-2013-4274 | Cross-Site Scripting vulnerability in Erikwebb Password Policy | Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page. | 2.1 |
2013-08-28 | CVE-2013-4272 | Information Exposure vulnerability in Botcha Spam Prevention Project Botcha | The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file. | 4.3 |
2013-08-28 | CVE-2013-4139 | Unspecified vulnerability in Stage File Proxy Project Stage File Proxy | The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests. | 5.0 |
2013-08-28 | CVE-2013-4138 | Cross-Site Scripting vulnerability in Alienwp Hatch | Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
2013-08-28 | CVE-2013-2247 | Permissions, Privileges, and Access Controls vulnerability in Fast Permissions Administration Project Fast Permission Administration | The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form. | 7.5 |