Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal token module vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-5621
Multiple cross-site scripting (XSS) vulnerabilities in the Token module prior to 4.7.x-1.5, and 5.x prior to 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote auth...
Drupal Drupal 5.2
Drupal E-commerce Module
Drupal Token Module
Drupal Asin Field Module
Drupal Drupal 4.7
Drupal Node Relativity Module
Drupal Pathauto Module
Drupal Drupal 5.0
Drupal Drupal 5.1
Drupal Paypal Node Module
Drupal Ubercart Module
Drupal Fullname Field For Cck
Drupal Invite Module
NA
CVE-2015-8602
The Token Insert Entity module 7.x-1.x prior to 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which em...
Token Insert Entity Project Token Insert Entity 7.x-1.0
NA
CVE-2015-6665
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x prior to 7.39 and the Ctools module 6.x-1.x prior to 6.x-1.14 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly rela...
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Fedoraproject Fedora 23
Drupal Drupal 7.0
Drupal Drupal 7.15
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.2
Drupal Drupal 7.20
Drupal Drupal 7.27
Drupal Drupal 7.28
Drupal Drupal 7.36
Drupal Drupal 7.37
Drupal Drupal 7.x-dev
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.23
Drupal Drupal 7.24
Drupal Drupal 7.30
Drupal Drupal 7.33
Drupal Drupal 7.6
Drupal Drupal 7.7
NA
CVE-2012-2058
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote malicious users to forge payments via unspecified vectors.
Paypal Ubercart Payflow -
NA
CVE-2015-3373
The Amazon AWS module prior to 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote malicious users to guess the token value and create backups via a crafted URL.
Amazon Aws Project Amazon Aws
NA
CVE-2012-2720
The Token Authentication (tokenauth) module 6.x-1.x prior to 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote malicious users to perform requests with extra privileges.
Adam Ross Tokenauth 6.x-1.x
Adam Ross Tokenauth 6.x-1.5
Adam Ross Tokenauth 6.x-1.6
Adam Ross Tokenauth 6.x-1.3
Adam Ross Tokenauth 6.x-1.4
Adam Ross Tokenauth 6.x-1.0
Adam Ross Tokenauth 6.x-1.1
NA
CVE-2009-4533
The Webform module 5.x prior to 5.x-2.8 and 6.x prior to 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote malicious users to read session variables via unspecified vectors.
Nathan Haug Webform 6.x-2.2
Nathan Haug Webform 6.x-2.1
Nathan Haug Webform 6.x-2.0-beta6
Nathan Haug Webform 6.x-2.0-beta1
Nathan Haug Webform 5.x-2.2
Nathan Haug Webform 5.x-2.1.3
Nathan Haug Webform 6.x-2.4
Nathan Haug Webform 6.x-2.3
Nathan Haug Webform 6.x-2.0-beta4
Nathan Haug Webform 6.x-2.0-beta5
Nathan Haug Webform 5.x-2.4
Nathan Haug Webform 5.x-2.3
Nathan Haug Webform 5.x-2.0-beta3
Nathan Haug Webform 5.x-2.0-beta2
Nathan Haug Webform 5.x-1.6
Nathan Haug Webform 5.x-1.5
Nathan Haug Webform 6.x-2.1-1
Nathan Haug Webform 6.x-2.1.2
Nathan Haug Webform 6.x-2.0-beta2
Nathan Haug Webform 6.x-2.x-dev
Nathan Haug Webform 5.x-2.1.2
Nathan Haug Webform 5.x-2.1.1
NA
CVE-2015-2197
Cross-site scripting (XSS) vulnerability in the Entity API module prior to 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
Entity Api Project Entity Api
NA
CVE-2013-4445
The json rendering functionality in the Context module 6.x-2.x prior to 6.x-3.2 and 7.x-3.x prior to 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leve...
Steven Jones Context 7.x-3.0
Steven Jones Context 6.x-3.x
Steven Jones Context 6.x-3.0
Steven Jones Context 6.x-2.0
Steven Jones Context 7.x-3.x
Steven Jones Context 6.x-3.1
NA
CVE-2010-1539
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x prior to 5.x-2.6 and 6.x-1.x prior to 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field.
John Vandyk Workflow 5.x-2.x
John Vandyk Workflow 5.x-2.5
John Vandyk Workflow 6.x-1.0
John Vandyk Workflow 5.x-2.1
John Vandyk Workflow 5.x-2.0
John Vandyk Workflow 5.x-2.3
John Vandyk Workflow 5.x-2.2
John Vandyk Workflow 6.x-1.2
John Vandyk Workflow 6.x-1.1
John Vandyk Workflow 5.x-2.4
John Vandyk Workflow 6.x-1.4
John Vandyk Workflow 6.x-1.3
John Vandyk Workflow 6.x-1.x-dev
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »