Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal token module vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2007-5621
Multiple cross-site scripting (XSS) vulnerabilities in the Token module prior to 4.7.x-1.5, and 5.x prior to 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote auth...
Drupal Drupal 5.2
Drupal E-commerce Module
Drupal Token Module
Drupal Asin Field Module
Drupal Drupal 4.7
Drupal Node Relativity Module
Drupal Pathauto Module
Drupal Drupal 5.0
Drupal Drupal 5.1
Drupal Paypal Node Module
Drupal Ubercart Module
Drupal Fullname Field For Cck
Drupal Invite Module
312
VMScore
CVE-2015-8602
The Token Insert Entity module 7.x-1.x prior to 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which em...
Token Insert Entity Project Token Insert Entity 7.x-1.0
383
VMScore
CVE-2015-6665
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x prior to 7.39 and the Ctools module 6.x-1.x prior to 6.x-1.14 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly rela...
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Fedoraproject Fedora 23
Drupal Drupal 7.0
Drupal Drupal 7.15
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.2
Drupal Drupal 7.20
Drupal Drupal 7.27
Drupal Drupal 7.28
Drupal Drupal 7.36
Drupal Drupal 7.37
Drupal Drupal 7.x-dev
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.23
Drupal Drupal 7.24
Drupal Drupal 7.30
Drupal Drupal 7.33
Drupal Drupal 7.6
Drupal Drupal 7.7
445
VMScore
CVE-2012-2058
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote malicious users to forge payments via unspecified vectors.
Paypal Ubercart Payflow -
445
VMScore
CVE-2015-3373
The Amazon AWS module prior to 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote malicious users to guess the token value and create backups via a crafted URL.
Amazon Aws Project Amazon Aws
445
VMScore
CVE-2012-2720
The Token Authentication (tokenauth) module 6.x-1.x prior to 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote malicious users to perform requests with extra privileges.
Adam Ross Tokenauth 6.x-1.x
Adam Ross Tokenauth 6.x-1.5
Adam Ross Tokenauth 6.x-1.6
Adam Ross Tokenauth 6.x-1.3
Adam Ross Tokenauth 6.x-1.4
Adam Ross Tokenauth 6.x-1.0
Adam Ross Tokenauth 6.x-1.1
445
VMScore
CVE-2009-4533
The Webform module 5.x prior to 5.x-2.8 and 6.x prior to 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote malicious users to read session variables via unspecified vectors.
Nathan Haug Webform 6.x-2.2
Nathan Haug Webform 6.x-2.1
Nathan Haug Webform 6.x-2.0-beta6
Nathan Haug Webform 6.x-2.0-beta1
Nathan Haug Webform 5.x-2.2
Nathan Haug Webform 5.x-2.1.3
Nathan Haug Webform 6.x-2.4
Nathan Haug Webform 6.x-2.3
Nathan Haug Webform 6.x-2.0-beta4
Nathan Haug Webform 6.x-2.0-beta5
Nathan Haug Webform 5.x-2.4
Nathan Haug Webform 5.x-2.3
Nathan Haug Webform 5.x-2.0-beta3
Nathan Haug Webform 5.x-2.0-beta2
Nathan Haug Webform 5.x-1.6
Nathan Haug Webform 5.x-1.5
Nathan Haug Webform 6.x-2.1-1
Nathan Haug Webform 6.x-2.1.2
Nathan Haug Webform 6.x-2.0-beta2
Nathan Haug Webform 6.x-2.x-dev
Nathan Haug Webform 5.x-2.1.2
Nathan Haug Webform 5.x-2.1.1
312
VMScore
CVE-2015-2197
Cross-site scripting (XSS) vulnerability in the Entity API module prior to 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
Entity Api Project Entity Api
436
VMScore
CVE-2013-4445
The json rendering functionality in the Context module 6.x-2.x prior to 6.x-3.2 and 7.x-3.x prior to 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leve...
Steven Jones Context 7.x-3.0
Steven Jones Context 6.x-3.x
Steven Jones Context 6.x-3.0
Steven Jones Context 6.x-2.0
Steven Jones Context 7.x-3.x
Steven Jones Context 6.x-3.1
187
VMScore
CVE-2010-1539
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x prior to 5.x-2.6 and 6.x-1.x prior to 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field.
John Vandyk Workflow 5.x-2.x
John Vandyk Workflow 5.x-2.5
John Vandyk Workflow 6.x-1.0
John Vandyk Workflow 5.x-2.1
John Vandyk Workflow 5.x-2.0
John Vandyk Workflow 5.x-2.3
John Vandyk Workflow 5.x-2.2
John Vandyk Workflow 6.x-1.2
John Vandyk Workflow 6.x-1.1
John Vandyk Workflow 5.x-2.4
John Vandyk Workflow 6.x-1.4
John Vandyk Workflow 6.x-1.3
John Vandyk Workflow 6.x-1.x-dev
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »