Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal token module vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-5585
Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x prior to 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token.
Mixpanel Project Mixpanel 6.x-1.0
Mixpanel Project Mixpanel 6.x-1.x
NA
CVE-2013-0258
The Google Authenticator login (ga_login) module 7.x prior to 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote malicious users to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username.
Google Authenticator Login Project Ga Login 7.x-1.0
Google Authenticator Login Project Ga Login 7.x-1.1
Google Authenticator Login Project Ga Login 7.x-1.2
NA
CVE-2012-4469
Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x prior to 6.x-2.6 and 7.x-2.x prior to 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote malicious users to inject arbitrary web script or HTML via an invalid token, which is n...
Simon Rycroft Hashcash 6.x-2.0
Simon Rycroft Hashcash 6.x-2.1
Simon Rycroft Hashcash 6.x-2.2
Simon Rycroft Hashcash 6.x-2.3
Simon Rycroft Hashcash 6.x-2.4
Simon Rycroft Hashcash 6.x-2.5
Simon Rycroft Hashcash 7.x-2.0
Simon Rycroft Hashcash 7.x-2.1
NA
CVE-2010-4813
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x prior to 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly han...
Category Tokens Project Category Tokens 6.x-1.0
8.8
CVSSv3
CVE-2013-4227
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x prior to 7.x-1.11 for Drupal allows remote malicious users to hijack the authentication of aribitrary users via a security token that is not ...
Mozilla Persona
7.3
CVSSv3
CVE-2016-3188
The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x prior to 7.x-2.1 for Drupal allows remote malicious users to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently ...
Prepopulate Project Prepopulate 7.x-2.0
Prepopulate Project Prepopulate 7.x-2.x
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2