Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 4.7 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-4947
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module prior to 1.15 2006/09/15 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output."
Drupal Search Keyword Module 1.12
Drupal Search Keyword Module 1.13
Drupal Search Keyword Module 1.14
Drupal Search Keyword Module
NA
CVE-2007-4436
The Drupal Project module prior to 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module prior to 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote malicious users to (1) obtain sensitive via the Tracker Module and the Recent...
Drupal Project
Drupal Project Issue Tracking Module
NA
CVE-2006-6386
Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote malicious users to inject arbitrary web script or HTML via the motivation field in the CVS application...
Drupal Cvs Management And Tracker 4.7 1.0
Drupal Cvs Management And Tracker 4.7 2.0
NA
CVE-2008-0463
Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x prior to 4.7.x-1.2 and 5.x prior to 5.x-1.2 module for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors involving node properties.
Drupal Workflow
NA
CVE-2008-0271
The editor deletion form in BUEditor 4.7.x prior to 4.7.x-1.0 and 5.x prior to 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks and delete custom editor...
Drupal Bueditor
NA
CVE-2008-0275
The Atom 4.7 prior to 4.7.x-1.0 and 5.x prior to 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote malicious users to gain access to syndicated content.
Drupal Atom Module
NA
CVE-2007-3817
Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev prior to 20070712 for Drupal, when configured to display a "Log out" link, allows remote malicious users to inject arbitrary web script or HTML via a crafted u...
Drupal Logintoboggan Module
NA
CVE-2006-6528
The Chatroom Module prior to 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote malicious users to hijack sessions and gain privileges.
Drupal Chatroom Module
NA
CVE-2006-4108
SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Drupal Bibliography Module
NA
CVE-2006-4109
Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Drupal Bibliography Module
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »