Vulmon
drupal token module vulnerabilities and exploits
8.8
CVSSv3
CVE-2013-4227
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x prior to 7.x-1.11 for Drupal allows remote malicious users to hijack the authentication of arbitrary users via a security token that is not ...
Mozilla Persona
7.3
CVSSv3
CVE-2016-3188
The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x prior to 7.x-2.1 for Drupal allows remote malicious users to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently ...
Prepopulate Project Prepopulate 7.x-2.0
Prepopulate Project Prepopulate 7.x-2.x
NA
CVE-2015-8602
The Token Insert Entity module 7.x-1.x prior to 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which em...
Token Insert Entity Project Token Insert Entity 7.x-1.0
NA
CVE-2015-6665
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x prior to 7.39 and the Ctools module 6.x-1.x prior to 6.x-1.14 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly rela...
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Fedoraproject Fedora 21
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.38
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.30
Drupal Drupal 7.27
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.34
NA
CVE-2015-3373
The Amazon AWS module prior to 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote malicious users to guess the token value and create backups via a crafted URL.
Amazon Aws Project Amazon Aws
NA
CVE-2015-2197
Cross-site scripting (XSS) vulnerability in the Entity API module prior to 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
Entity Api Project Entity Api
NA
CVE-2013-4445
The json rendering functionality in the Context module 6.x-2.x prior to 6.x-3.2 and 7.x-3.x prior to 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leve...
Steven Jones Context 6.x-2.0
Steven Jones Context 6.x-3.0
Steven Jones Context 6.x-3.1
Steven Jones Context 6.x-3.x
Steven Jones Context 7.x-3.0
Steven Jones Context 7.x-3.x
NA
CVE-2013-0258
The Google Authenticator login (ga_login) module 7.x prior to 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote malicious users to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username.
Google Authenticator Login Project Ga Login 7.x-1.0
Google Authenticator Login Project Ga Login 7.x-1.1
Google Authenticator Login Project Ga Login 7.x-1.2
NA
CVE-2012-5585
Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x prior to 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token.
Mixpanel Project Mixpanel 6.x-1.0
Mixpanel Project Mixpanel 6.x-1.x
NA
CVE-2012-4469
Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x prior to 6.x-2.6 and 7.x-2.x prior to 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote malicious users to inject arbitrary web script or HTML via an invalid token, which is n...
Simon Rycroft Hashcash 6.x-2.0
Simon Rycroft Hashcash 6.x-2.1
Simon Rycroft Hashcash 6.x-2.2
Simon Rycroft Hashcash 6.x-2.3
Simon Rycroft Hashcash 6.x-2.4
Simon Rycroft Hashcash 6.x-2.5
Simon Rycroft Hashcash 7.x-2.0
Simon Rycroft Hashcash 7.x-2.1