Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal data 6.x-1.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
6.1
CVSSv3
CVE-2011-2714
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
NA
CVE-2014-5250
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to access data via unspecified vectors.
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.3
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.2
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.1
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.4
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.x
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.x
NA
CVE-2013-4384
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x prior to 6.x-1.4 and 7.x-1.x prior to 7.x-1.10 for Drupal allows remote malicious users to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API.
Google Site Search Project Google Site Search Module 7.x-1.9
Google Site Search Project Google Site Search Module 7.x-1.3
Google Site Search Project Google Site Search Module 7.x-1.2
Google Site Search Project Google Site Search Module 6.x-1.0
Google Site Search Project Google Site Search Module 7.x-1.6
Google Site Search Project Google Site Search Module 7.x-1.5
Google Site Search Project Google Site Search Module 7.x-1.x
Google Site Search Project Google Site Search Module 7.x-1.0
Google Site Search Project Google Site Search Module 7.x-1.8
Google Site Search Project Google Site Search Module 7.x-1.7
Google Site Search Project Google Site Search Module 7.x-1.1
Google Site Search Project Google Site Search Module 6.x-1.x
Google Site Search Project Google Site Search Module 7.x-1.4
Google Site Search Project Google Site Search Module 6.x-1.3
Google Site Search Project Google Site Search Module 6.x-1.2
Google Site Search Project Google Site Search Module 6.x-1.1
NA
CVE-2012-6575
Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x prior to 6.x-1.2 for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Mobile4social Exposed Filter Data 6.x-1.1
Mobile4social Exposed Filter Data 6.x-1.0
Mobile4social Exposed Filter Data 6.x-1.x
NA
CVE-2013-0319
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x prior to 6.x-1.6 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.
Yandex.metrics Project Yandex Metrics 7.x-1.4
Yandex.metrics Project Yandex Metrics 7.x-1.2
Yandex.metrics Project Yandex Metrics 7.x-1.1
Yandex.metrics Project Yandex Metrics 7.x-1.0
Yandex.metrics Project Yandex Metrics 7.x-1.x
Yandex.metrics Project Yandex Metrics 7.x-1.3
Yandex.metrics Project Yandex Metrics 6.x-1.1
Yandex.metrics Project Yandex Metrics 6.x-1.x
Yandex.metrics Project Yandex Metrics 6.x-1.0
Yandex.metrics Project Yandex Metrics 6.x-1.5
Yandex.metrics Project Yandex Metrics 6.x-1.4
Yandex.metrics Project Yandex Metrics 6.x-1.3
Yandex.metrics Project Yandex Metrics 6.x-1.2
NA
CVE-2012-5541
Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.0-rc3 for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to "data coming from Twitter."
Twitter Pull Project Twitter Pull 6.x-1.2
Twitter Pull Project Twitter Pull 6.x-1.1
Twitter Pull Project Twitter Pull 6.x-1.0
Twitter Pull Project Twitter Pull 6.x-1.x
Twitter Pull Project Twitter Pull 7.x-1.0
Twitter Pull Project Twitter Pull 7.x-1.x
NA
CVE-2012-1654
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x prior to 6.x-1.0 and 7.x-1.x prior to 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title paramete...
Alex Barth Data 6.x-1.0
Alex Barth Data 7.x-1.x
Alex Barth Data 6.x-1.x
Alex Barth Data 7.x-1.0
NA
CVE-2012-2296
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x prior to 6.x-2.2, and 7.x-2.x prior to 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote malicious users to obtain sensitive information by leveraging a separate vulnerabil...
Janrain Rpx 6.x-1.0
Janrain Rpx 6.x-2.1
Janrain Rpx 7.x-2.1
Janrain Rpx 6.x-1.4
Janrain Rpx 6.x-1.2
Janrain Rpx 6.x-1.3
Janrain Rpx 7.x-2.0
Janrain Rpx 6.x-1.1
Janrain Rpx 7.x-2.x
NA
CVE-2012-2727
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
Bryce Hamrick Janrain Capture 7.x-1.0
Bryce Hamrick Janrain Capture 6.x-1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »