Vulnerabilities > Drupal

DATE CVE VULNERABILITY TITLE RISK
2013-07-16 CVE-2013-1908 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.
network
low complexity
acquia commons-wikis-project drupal CWE-264
5.0
5.0
2013-07-16 CVE-2013-1907 Permissions, Privileges, and Access Controls vulnerability in Acquia Commons and Commons Group
The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.
network
low complexity
acquia drupal CWE-264
5.0
5.0
2013-07-16 CVE-2013-0246 Permissions, Privileges, and Access Controls vulnerability in Drupal
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.
network
drupal CWE-264
4.3
4.3
2013-07-16 CVE-2013-0245 Permissions, Privileges, and Access Controls vulnerability in Drupal
The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors.
network
high complexity
drupal CWE-264
2.1
2.1
2013-07-01 CVE-2013-2158 Cross-Site Request Forgery (CSRF) vulnerability in Services Project Services
Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 		6.8
6.8
2013-06-27 CVE-2012-6576 Cross-Site Scripting vulnerability in Antti Alamki PRH Search 7.X1.0/7.X1.X
Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. 		4.3
4.3
2013-06-27 CVE-2012-6575 Cross-Site Scripting vulnerability in Mobile4Social Exposed Filter Data 6.X1.0/6.X1.1/6.X1.X
Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 		4.3
4.3
2013-06-27 CVE-2012-6574 Cross-Site Scripting vulnerability in Soprano Fonecta Verify
Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. 		4.3
4.3
2013-06-25 CVE-2013-2177 Cross-Site Scripting vulnerability in Kristof DE Jaeger Display Suite
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label. 		4.3
4.3
2013-06-25 CVE-2013-1971 Cross-Site Scripting vulnerability in Jordan DE Laune MP3 Player 6.X1.0/6.X1.1
Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file.
network
high complexity
jordan-de-laune drupal CWE-79
2.1
2.1