Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal data 6.x-1.0 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2011-2714
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
9.8
CVSSv3
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
NA
CVE-2012-1654
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x prior to 6.x-1.0 and 7.x-1.x prior to 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title paramete...
Alex Barth Data 6.x-1.0
Alex Barth Data 7.x-1.x
Alex Barth Data 6.x-1.x
Alex Barth Data 7.x-1.0
NA
CVE-2012-2727
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
Bryce Hamrick Janrain Capture 7.x-1.0
Bryce Hamrick Janrain Capture 6.x-1.0
NA
CVE-2009-3782
Unspecified vulnerability in Userpoints 6.x prior to 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors.
2bits Userpoints 6.x-1.0
2bits Userpoints 6.x-1.x-dev
NA
CVE-2012-6575
Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x prior to 6.x-1.2 for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Mobile4social Exposed Filter Data 6.x-1.1
Mobile4social Exposed Filter Data 6.x-1.0
Mobile4social Exposed Filter Data 6.x-1.x
NA
CVE-2012-5541
Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.0-rc3 for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to "data coming from Twitter."
Twitter Pull Project Twitter Pull 6.x-1.2
Twitter Pull Project Twitter Pull 6.x-1.1
Twitter Pull Project Twitter Pull 6.x-1.0
Twitter Pull Project Twitter Pull 6.x-1.x
Twitter Pull Project Twitter Pull 7.x-1.0
Twitter Pull Project Twitter Pull 7.x-1.x
NA
CVE-2012-2296
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x prior to 6.x-2.2, and 7.x-2.x prior to 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote malicious users to obtain sensitive information by leveraging a separate vulnerabil...
Janrain Rpx 6.x-1.0
Janrain Rpx 6.x-2.1
Janrain Rpx 7.x-2.1
Janrain Rpx 6.x-1.4
Janrain Rpx 6.x-1.2
Janrain Rpx 6.x-1.3
Janrain Rpx 7.x-2.0
Janrain Rpx 6.x-1.1
Janrain Rpx 7.x-2.x
NA
CVE-2014-5250
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to access data via unspecified vectors.
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.3
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.2
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.1
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.4
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.x
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.x
NA
CVE-2013-0319
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x prior to 6.x-1.6 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.
Yandex.metrics Project Yandex Metrics 7.x-1.4
Yandex.metrics Project Yandex Metrics 7.x-1.2
Yandex.metrics Project Yandex Metrics 7.x-1.1
Yandex.metrics Project Yandex Metrics 7.x-1.0
Yandex.metrics Project Yandex Metrics 7.x-1.x
Yandex.metrics Project Yandex Metrics 7.x-1.3
Yandex.metrics Project Yandex Metrics 6.x-1.1
Yandex.metrics Project Yandex Metrics 6.x-1.x
Yandex.metrics Project Yandex Metrics 6.x-1.0
Yandex.metrics Project Yandex Metrics 6.x-1.5
Yandex.metrics Project Yandex Metrics 6.x-1.4
Yandex.metrics Project Yandex Metrics 6.x-1.3
Yandex.metrics Project Yandex Metrics 6.x-1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »