Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 4.7 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2006-4947
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module prior to 1.15 2006/09/15 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output."
Drupal Search Keyword Module 1.12
Drupal Search Keyword Module 1.13
Drupal Search Keyword Module 1.14
Drupal Search Keyword Module
5
CVSSv2
CVE-2007-4436
The Drupal Project module prior to 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module prior to 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote malicious users to (1) obtain sensitive via the Tracker Module and the Recent...
Drupal Project
Drupal Project Issue Tracking Module
6.8
CVSSv2
CVE-2006-6386
Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote malicious users to inject arbitrary web script or HTML via the motivation field in the CVS application...
Drupal Cvs Management And Tracker 4.7 1.0
Drupal Cvs Management And Tracker 4.7 2.0
4.3
CVSSv2
CVE-2008-0463
Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x prior to 4.7.x-1.2 and 5.x prior to 5.x-1.2 module for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors involving node properties.
Drupal Workflow
4.3
CVSSv2
CVE-2008-0271
The editor deletion form in BUEditor 4.7.x prior to 4.7.x-1.0 and 5.x prior to 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks and delete custom editor...
Drupal Bueditor
5
CVSSv2
CVE-2008-0275
The Atom 4.7 prior to 4.7.x-1.0 and 5.x prior to 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote malicious users to gain access to syndicated content.
Drupal Atom Module
4.3
CVSSv2
CVE-2007-3817
Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev prior to 20070712 for Drupal, when configured to display a "Log out" link, allows remote malicious users to inject arbitrary web script or HTML via a crafted u...
Drupal Logintoboggan Module
7.5
CVSSv2
CVE-2006-6528
The Chatroom Module prior to 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote malicious users to hijack sessions and gain privileges.
Drupal Chatroom Module
7.5
CVSSv2
CVE-2006-4108
SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Drupal Bibliography Module
4.3
CVSSv2
CVE-2006-4109
Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Drupal Bibliography Module
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »