Vulnerabilities > Drupal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-07 | CVE-2020-9281 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). | 6.1 |
| 2020-02-18 | CVE-2013-4226 | Missing Authorization vulnerability in Drupal Authenticated User Page Caching The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser. | 4.0 |
| 2020-01-14 | CVE-2011-2715 | SQL Injection vulnerability in Drupal Data and Drupal An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names. | 7.5 |
| 2020-01-14 | CVE-2011-2714 | Cross-site Scripting vulnerability in Drupal Data and Drupal A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display. | 4.3 |
| 2019-12-16 | CVE-2019-19826 | Deserialization of Untrusted Data vulnerability in Drupal Views Dynamic Field The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. | 7.5 |
| 2019-11-25 | CVE-2011-3373 | Cross-site Scripting vulnerability in Drupal Views Builk Operations Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. | 4.3 |
| 2019-11-22 | CVE-2012-2079 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Activity 6.X1.X A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal. | 6.8 |
| 2019-11-21 | CVE-2012-2078 | Cross-site Scripting vulnerability in Drupal Activity 6.X1.X Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal. | 3.5 |
| 2019-11-21 | CVE-2012-1637 | Cross-site Scripting vulnerability in Drupal Quick Tabs Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal. | 3.5 |
| 2019-11-15 | CVE-2011-2726 | Incorrect Authorization vulnerability in multiple products An access bypass issue was found in Drupal 7.x before version 7.5. | 5.0 |