Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal data 6.x-1.0 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2011-2714
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
7.5
CVSSv2
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
7.5
CVSSv2
CVE-2014-5250
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to access data via unspecified vectors.
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.3
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.2
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.1
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.4
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.x
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.x
4.3
CVSSv2
CVE-2013-4384
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x prior to 6.x-1.4 and 7.x-1.x prior to 7.x-1.10 for Drupal allows remote malicious users to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API.
Google Site Search Project Google Site Search Module 7.x-1.9
Google Site Search Project Google Site Search Module 7.x-1.3
Google Site Search Project Google Site Search Module 7.x-1.2
Google Site Search Project Google Site Search Module 6.x-1.0
Google Site Search Project Google Site Search Module 7.x-1.6
Google Site Search Project Google Site Search Module 7.x-1.5
Google Site Search Project Google Site Search Module 7.x-1.x
Google Site Search Project Google Site Search Module 7.x-1.0
Google Site Search Project Google Site Search Module 7.x-1.8
Google Site Search Project Google Site Search Module 7.x-1.7
Google Site Search Project Google Site Search Module 7.x-1.1
Google Site Search Project Google Site Search Module 6.x-1.x
Google Site Search Project Google Site Search Module 7.x-1.4
Google Site Search Project Google Site Search Module 6.x-1.3
Google Site Search Project Google Site Search Module 6.x-1.2
Google Site Search Project Google Site Search Module 6.x-1.1
4.3
CVSSv2
CVE-2012-6575
Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x prior to 6.x-1.2 for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Mobile4social Exposed Filter Data 6.x-1.1
Mobile4social Exposed Filter Data 6.x-1.0
Mobile4social Exposed Filter Data 6.x-1.x
4.3
CVSSv2
CVE-2013-0319
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x prior to 6.x-1.6 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.
Yandex.metrics Project Yandex Metrics 7.x-1.4
Yandex.metrics Project Yandex Metrics 7.x-1.2
Yandex.metrics Project Yandex Metrics 7.x-1.1
Yandex.metrics Project Yandex Metrics 7.x-1.0
Yandex.metrics Project Yandex Metrics 7.x-1.x
Yandex.metrics Project Yandex Metrics 7.x-1.3
Yandex.metrics Project Yandex Metrics 6.x-1.1
Yandex.metrics Project Yandex Metrics 6.x-1.x
Yandex.metrics Project Yandex Metrics 6.x-1.0
Yandex.metrics Project Yandex Metrics 6.x-1.5
Yandex.metrics Project Yandex Metrics 6.x-1.4
Yandex.metrics Project Yandex Metrics 6.x-1.3
Yandex.metrics Project Yandex Metrics 6.x-1.2
4.3
CVSSv2
CVE-2012-5541
Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.0-rc3 for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to "data coming from Twitter."
Twitter Pull Project Twitter Pull 6.x-1.2
Twitter Pull Project Twitter Pull 6.x-1.1
Twitter Pull Project Twitter Pull 6.x-1.0
Twitter Pull Project Twitter Pull 6.x-1.x
Twitter Pull Project Twitter Pull 7.x-1.0
Twitter Pull Project Twitter Pull 7.x-1.x
2.1
CVSSv2
CVE-2012-1654
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x prior to 6.x-1.0 and 7.x-1.x prior to 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title paramete...
Alex Barth Data 6.x-1.0
Alex Barth Data 7.x-1.x
Alex Barth Data 6.x-1.x
Alex Barth Data 7.x-1.0
5
CVSSv2
CVE-2012-2296
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x prior to 6.x-2.2, and 7.x-2.x prior to 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote malicious users to obtain sensitive information by leveraging a separate vulnerabil...
Janrain Rpx 6.x-1.0
Janrain Rpx 6.x-2.1
Janrain Rpx 7.x-2.1
Janrain Rpx 6.x-1.4
Janrain Rpx 6.x-1.2
Janrain Rpx 6.x-1.3
Janrain Rpx 7.x-2.0
Janrain Rpx 6.x-1.1
Janrain Rpx 7.x-2.x
5.8
CVSSv2
CVE-2012-2727
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
Bryce Hamrick Janrain Capture 7.x-1.0
Bryce Hamrick Janrain Capture 6.x-1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »