Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

drupal token module vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2007-5621
Multiple cross-site scripting (XSS) vulnerabilities in the Token module prior to 4.7.x-1.5, and 5.x prior to 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote auth...
Drupal Drupal 5.2Drupal E-commerce ModuleDrupal Token ModuleDrupal Asin Field ModuleDrupal Drupal 4.7Drupal Node Relativity ModuleDrupal Pathauto ModuleDrupal Drupal 5.0Drupal Drupal 5.1Drupal Paypal Node ModuleDrupal Ubercart ModuleDrupal Fullname Field For CckDrupal Invite Module
NA
CVE-2015-8602
The Token Insert Entity module 7.x-1.x prior to 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which em...
Token Insert Entity Project Token Insert Entity 7.x-1.0
NA
CVE-2015-6665
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x prior to 7.39 and the Ctools module 6.x-1.x prior to 6.x-1.14 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly rela...
Fedoraproject Fedora 22Fedoraproject Fedora 21Fedoraproject Fedora 23Drupal Drupal 7.0Drupal Drupal 7.15Drupal Drupal 7.11Drupal Drupal 7.12Drupal Drupal 7.2Drupal Drupal 7.20Drupal Drupal 7.27Drupal Drupal 7.28Drupal Drupal 7.36Drupal Drupal 7.37Drupal Drupal 7.x-devDrupal Drupal 7.16Drupal Drupal 7.17Drupal Drupal 7.23Drupal Drupal 7.24Drupal Drupal 7.30Drupal Drupal 7.33Drupal Drupal 7.6Drupal Drupal 7.7
NA
CVE-2012-2058
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote malicious users to forge payments via unspecified vectors.
Paypal Ubercart Payflow -
NA
CVE-2015-3373
The Amazon AWS module prior to 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote malicious users to guess the token value and create backups via a crafted URL.
Amazon Aws Project Amazon Aws
NA
CVE-2012-2720
The Token Authentication (tokenauth) module 6.x-1.x prior to 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote malicious users to perform requests with extra privileges.
Adam Ross Tokenauth 6.x-1.xAdam Ross Tokenauth 6.x-1.5Adam Ross Tokenauth 6.x-1.6Adam Ross Tokenauth 6.x-1.3Adam Ross Tokenauth 6.x-1.4Adam Ross Tokenauth 6.x-1.0Adam Ross Tokenauth 6.x-1.1
NA
CVE-2009-4533
The Webform module 5.x prior to 5.x-2.8 and 6.x prior to 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote malicious users to read session variables via unspecified vectors.
Nathan Haug Webform 6.x-2.2Nathan Haug Webform 6.x-2.1Nathan Haug Webform 6.x-2.0-beta6Nathan Haug Webform 6.x-2.0-beta1Nathan Haug Webform 5.x-2.2Nathan Haug Webform 5.x-2.1.3Nathan Haug Webform 6.x-2.4Nathan Haug Webform 6.x-2.3Nathan Haug Webform 6.x-2.0-beta4Nathan Haug Webform 6.x-2.0-beta5Nathan Haug Webform 5.x-2.4Nathan Haug Webform 5.x-2.3Nathan Haug Webform 5.x-2.0-beta3Nathan Haug Webform 5.x-2.0-beta2Nathan Haug Webform 5.x-1.6Nathan Haug Webform 5.x-1.5Nathan Haug Webform 6.x-2.1-1Nathan Haug Webform 6.x-2.1.2Nathan Haug Webform 6.x-2.0-beta2Nathan Haug Webform 6.x-2.x-devNathan Haug Webform 5.x-2.1.2Nathan Haug Webform 5.x-2.1.1
NA
CVE-2015-2197
Cross-site scripting (XSS) vulnerability in the Entity API module prior to 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
Entity Api Project Entity Api
NA
CVE-2013-4445
The json rendering functionality in the Context module 6.x-2.x prior to 6.x-3.2 and 7.x-3.x prior to 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leve...
Steven Jones Context 7.x-3.0Steven Jones Context 6.x-3.xSteven Jones Context 6.x-3.0Steven Jones Context 6.x-2.0Steven Jones Context 7.x-3.xSteven Jones Context 6.x-3.1
NA
CVE-2010-1539
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x prior to 5.x-2.6 and 6.x-1.x prior to 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field.
John Vandyk Workflow 5.x-2.xJohn Vandyk Workflow 5.x-2.5John Vandyk Workflow 6.x-1.0John Vandyk Workflow 5.x-2.1John Vandyk Workflow 5.x-2.0John Vandyk Workflow 5.x-2.3John Vandyk Workflow 5.x-2.2John Vandyk Workflow 6.x-1.2John Vandyk Workflow 6.x-1.1John Vandyk Workflow 5.x-2.4John Vandyk Workflow 6.x-1.4John Vandyk Workflow 6.x-1.3John Vandyk Workflow 6.x-1.x-dev
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook