Drupal vulnerabilities: Low risk

DATE | CVE | VULNERABILITY TITLE | RISK

2022-02-11 | CVE-2020-13673 | Cross-site Scripting vulnerability in Drupal Entity Embed 8.X1.0/8.X1.1/8.X1.2 | 2.6
The Entity Embed module provides a filter to allow embedding entities in content fields.
network, high complexity, drupal CWE-79

2022-02-11 | CVE-2020-13672 | Cross-site Scripting vulnerability in Drupal | 2.6
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.
network, high complexity, drupal CWE-79

2019-11-21 | CVE-2012-1637 | Cross-site Scripting vulnerability in Drupal Quick Tabs | 3.5
Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.
network, drupal CWE-79

2019-11-21 | CVE-2012-2078 | Cross-site Scripting vulnerability in Drupal Activity 6.X1.X | 3.5
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.
network, drupal CWE-79

2019-11-07 | CVE-2010-2472 | Cross-site Scripting vulnerability in Drupal | 3.5
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack.
network, drupal CWE-79

2019-11-07 | CVE-2010-2473 | Improper Input Validation vulnerability in Drupal | 3.5
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances.
network, drupal CWE-20

2019-05-16 | CVE-2019-10909 | Cross-site Scripting vulnerability in multiple products | 3.5
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included.

2018-03-01 | CVE-2017-6928 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | 3.5
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it.

2015-03-25 | CVE-2015-2559 | Improper Access Control vulnerability in multiple products | 3.5
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.

2014-11-12 | CVE-2014-8734 | Permissions, Privileges, and Access Controls vulnerability in Drupal Organic Groups Menu 7.X2.0/7.X2.Xdev | 3.5
The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors.
network, drupal CWE-264