Vulnerabilities > Drupal
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-29 | CVE-2020-11022 | In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. | 6.1 |
2020-04-29 | CVE-2020-11023 | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing `<option>` elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. | 6.1 |
2020-03-07 | CVE-2020-9281 | Cross-site Scripting vulnerability in multiple products. A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). | 6.1 |
2020-02-18 | CVE-2013-4226 | Missing Authorization vulnerability in Drupal Authenticated User Page Caching. The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser. | 6.5 |
2020-01-14 | CVE-2011-2715 | SQL Injection vulnerability in Drupal Data and Drupal. An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names. | 9.8 |
2020-01-14 | CVE-2011-2714 | Cross-site Scripting vulnerability in Drupal Data and Drupal. A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display. | 6.1 |
2019-12-16 | CVE-2019-19826 | Deserialization of Untrusted Data vulnerability in Drupal Views Dynamic Field. The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. | 9.8 |
2019-11-25 | CVE-2011-3373 | Cross-site Scripting vulnerability in Drupal Views Bulk Operations. Drupal Views Bulk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. | 6.1 |
2019-11-22 | CVE-2012-2079 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Activity 6.X1.X. A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal. | 8.8 |
2019-11-21 | CVE-2012-2078 | Cross-site Scripting vulnerability in Drupal Activity 6.X1.X. Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal. | 4.8 |