Vulnerabilities > Drupal > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-18 CVE-2013-4226 Missing Authorization vulnerability in Drupal Authenticated User Page Caching
The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser.
network
low complexity
drupal CWE-862
4.0
2020-01-14 CVE-2011-2714 Cross-site Scripting vulnerability in Drupal Data and Drupal
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
network
drupal CWE-79
4.3
2019-11-25 CVE-2011-3373 Cross-site Scripting vulnerability in Drupal Views Bulk Operations
Drupal Views Bulk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used.
network
drupal CWE-79
4.3
2019-11-22 CVE-2012-2079 Cross-Site Request Forgery (CSRF) vulnerability in Drupal Activity 6.x-1.x
A cross-site request forgery (CSRF) vulnerability exists in the Activity module 6.x-1.x for Drupal.
network
drupal CWE-352
6.8
2019-11-15 CVE-2011-2726 Incorrect Authorization vulnerability in multiple products
An access bypass issue was found in Drupal 7.x before version 7.5.
network
low complexity
drupal debian redhat fedoraproject CWE-863
5.0
2019-11-11 CVE-2019-18856 Incorrect Permission Assignment for Critical Resource vulnerability in Drupal SVG Sanitizer
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
network
low complexity
drupal CWE-732
5.0
2019-11-07 CVE-2010-2250 Cross-site Scripting vulnerability in Drupal
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.
network
drupal CWE-79
4.3
2019-11-06 CVE-2010-2471 Open Redirect vulnerability in multiple products
Drupal versions 5.x and 6.x have an open redirection vulnerability.
5.8
2019-05-24 CVE-2019-11876 Cross-site Scripting vulnerability in multiple products
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS.
4.3
2019-05-16 CVE-2019-10911 Improper Authentication vulnerability in multiple products
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.
6.0