Search Results (957 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-0246 1 Drupal 1 Drupal 2025-04-11 N/A
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.
CVE-2013-0258 2 Drupal, Google Authenticator Login Project 2 Drupal, Ga Login 2025-04-11 N/A
The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username.
CVE-2013-0259 2 Boxes Project, Drupal 2 Boxes, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.
CVE-2012-1623 2 Aidanlister, Drupal 2 Regcode, Drupal 2025-04-11 N/A
The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions.
CVE-2012-1642 2 Drupal, Yaml-fuer-drupal 2 Drupal, Linkchecker 2025-04-11 N/A
includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2012-1658 2 Drupal, Fourkitchens 2 Drupal, Ed Readmore 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0317 2 Drupal, Joe Haskins 2 Drupal, Og Manager Change 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field.
CVE-2013-0318 2 Banckle Chat Project, Drupal 2 Banckle Chat, Drupal 2025-04-11 N/A
The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors.
CVE-2013-0319 2 Drupal, Yandex.metrics Project 2 Drupal, Yandex Metrics 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.
CVE-2013-0320 2 Drupal, Mattias Hutterer 2 Drupal, Taxonomy Manager 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.
CVE-2013-0321 2 Drupal, Ubercart Views Project 2 Drupal, Uc Views 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
CVE-2013-0322 2 Drupal, Ubercart 2 Drupal, Ubercart 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
CVE-2013-0323 2 Display Suite Project, Drupal 2 Ds, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field.
CVE-2013-0324 2 Drupal, Tomasbarej 2 Drupal, Menu Reference 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title.
CVE-2012-2057 2 Drupal, Miura 2 Drupal, Ubercart Bulk Stock Updater 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors related to formAPI.
CVE-2012-2081 2 Drupal, Moshe Weitzman 2 Drupal, Organic Groups 2025-04-11 N/A
The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module.
CVE-2012-2305 2 Drupal, Justin Ellison 2 Drupal, Node Gallery 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries.
CVE-2012-2300 2 Drupal, Ubercart 2 Drupal, Ubercart 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2308 2 Drupal, Tahiticlic 2 Drupal, Taxonomy Grid Catalog 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2310 2 Drupal, Oleg Kovalchuk 2 Drupal, Cctags 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors.