Vulnerabilities > Drupal
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-07-16 | CVE-2013-1908 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | 5.0 |
2013-07-16 | CVE-2013-1907 | Permissions, Privileges, and Access Controls vulnerability in Acquia Commons and Commons Group The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | 5.0 |
2013-07-16 | CVE-2013-0246 | Permissions, Privileges, and Access Controls vulnerability in Drupal The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors. | 4.3 |
2013-07-16 | CVE-2013-0245 | Permissions, Privileges, and Access Controls vulnerability in Drupal The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors. | 2.1 |
2013-07-01 | CVE-2013-2158 | Cross-Site Request Forgery (CSRF) vulnerability in Services Project Services Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2013-06-27 | CVE-2012-6576 | Cross-Site Scripting vulnerability in Antti Alamki PRH Search 7.X1.0/7.X1.X Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-06-27 | CVE-2012-6575 | Cross-Site Scripting vulnerability in Mobile4Social Exposed Filter Data 6.X1.0/6.X1.1/6.X1.X Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-06-27 | CVE-2012-6574 | Cross-Site Scripting vulnerability in Soprano Fonecta Verify Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-06-25 | CVE-2013-2177 | Cross-Site Scripting vulnerability in Kristof DE Jaeger Display Suite Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label. | 4.3 |
2013-06-25 | CVE-2013-1971 | Cross-Site Scripting vulnerability in Jordan DE Laune MP3 Player 6.X1.0/6.X1.1 Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file. | 2.1 |