Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal data 6.x-1.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
7.5
CVSSv2
CVE-2014-5250
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to access data via unspecified vectors.
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.3
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.2
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.1
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.4
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.x
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.x
5.8
CVSSv2
CVE-2012-2727
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
Bryce Hamrick Janrain Capture 7.x-1.0
Bryce Hamrick Janrain Capture 6.x-1.0
5
CVSSv2
CVE-2012-2296
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x prior to 6.x-2.2, and 7.x-2.x prior to 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote malicious users to obtain sensitive information by leveraging a separate vulnerabil...
Janrain Rpx 6.x-1.0
Janrain Rpx 6.x-2.1
Janrain Rpx 7.x-2.1
Janrain Rpx 6.x-1.4
Janrain Rpx 6.x-1.2
Janrain Rpx 6.x-1.3
Janrain Rpx 7.x-2.0
Janrain Rpx 6.x-1.1
Janrain Rpx 7.x-2.x
4.3
CVSSv2
CVE-2011-2714
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
4.3
CVSSv2
CVE-2013-4384
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x prior to 6.x-1.4 and 7.x-1.x prior to 7.x-1.10 for Drupal allows remote malicious users to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API.
Google Site Search Project Google Site Search Module 7.x-1.9
Google Site Search Project Google Site Search Module 7.x-1.3
Google Site Search Project Google Site Search Module 7.x-1.2
Google Site Search Project Google Site Search Module 6.x-1.0
Google Site Search Project Google Site Search Module 7.x-1.6
Google Site Search Project Google Site Search Module 7.x-1.5
Google Site Search Project Google Site Search Module 7.x-1.x
Google Site Search Project Google Site Search Module 7.x-1.0
Google Site Search Project Google Site Search Module 7.x-1.8
Google Site Search Project Google Site Search Module 7.x-1.7
Google Site Search Project Google Site Search Module 7.x-1.1
Google Site Search Project Google Site Search Module 6.x-1.x
Google Site Search Project Google Site Search Module 7.x-1.4
Google Site Search Project Google Site Search Module 6.x-1.3
Google Site Search Project Google Site Search Module 6.x-1.2
Google Site Search Project Google Site Search Module 6.x-1.1
4.3
CVSSv2
CVE-2012-6575
Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x prior to 6.x-1.2 for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Mobile4social Exposed Filter Data 6.x-1.1
Mobile4social Exposed Filter Data 6.x-1.0
Mobile4social Exposed Filter Data 6.x-1.x
4.3
CVSSv2
CVE-2013-0319
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x prior to 6.x-1.6 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.
Yandex.metrics Project Yandex Metrics 7.x-1.4
Yandex.metrics Project Yandex Metrics 7.x-1.2
Yandex.metrics Project Yandex Metrics 7.x-1.1
Yandex.metrics Project Yandex Metrics 7.x-1.0
Yandex.metrics Project Yandex Metrics 7.x-1.x
Yandex.metrics Project Yandex Metrics 7.x-1.3
Yandex.metrics Project Yandex Metrics 6.x-1.1
Yandex.metrics Project Yandex Metrics 6.x-1.x
Yandex.metrics Project Yandex Metrics 6.x-1.0
Yandex.metrics Project Yandex Metrics 6.x-1.5
Yandex.metrics Project Yandex Metrics 6.x-1.4
Yandex.metrics Project Yandex Metrics 6.x-1.3
Yandex.metrics Project Yandex Metrics 6.x-1.2
4.3
CVSSv2
CVE-2012-5541
Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.0-rc3 for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to "data coming from Twitter."
Twitter Pull Project Twitter Pull 6.x-1.2
Twitter Pull Project Twitter Pull 6.x-1.1
Twitter Pull Project Twitter Pull 6.x-1.0
Twitter Pull Project Twitter Pull 6.x-1.x
Twitter Pull Project Twitter Pull 7.x-1.0
Twitter Pull Project Twitter Pull 7.x-1.x
4.3
CVSSv2
CVE-2009-4525
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x prior to 5.x-4.9 and 6.x prior to 6.x-1.9, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML via crafted data in a list of links.
Joao Ventura Print 5.x-4.7
Joao Ventura Print 5.x-4.2
Joao Ventura Print 5.x-4.1
Joao Ventura Print 6.x-1.5
Joao Ventura Print 6.x-1.6
Joao Ventura Print 6.x-1.7
Joao Ventura Print 6.x-1.0
Joao Ventura Print 5.x-4.5
Joao Ventura Print 5.x-4.4
Joao Ventura Print 6.x-1.1
Joao Ventura Print 6.x-1.2
Joao Ventura Print 5.x-4.8
Joao Ventura Print 5.x-4.6
Joao Ventura Print 5.x-4.0
Joao Ventura Print 6.x-1.x
Joao Ventura Print 5.x-4.3
Joao Ventura Print 5.x-4.x
Joao Ventura Print 6.x-1.3
Joao Ventura Print 6.x-1.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »