Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2013-4227
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x prior to 7.x-1.11 for Drupal allows remote malicious users to hijack the authentication of aribitrary users via a security token that is not ...
Mozilla Persona
8.8
CVSSv3
CVE-2013-4225
The RESTful Web Services (restws) module 7.x-1.x prior to 7.x-1.4 and 7.x-2.x prior to 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create ...
Restful Web Services Project Restful Web Services
Restful Web Services Project Restful Web Services 7.x-2.x
4.3
CVSSv3
CVE-2012-5570
The Basic webmail module 6.x-1.x prior to 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.
Basic Webmail Project Basic Webmail 6.x-1.0
Basic Webmail Project Basic Webmail 6.x-1.1
Basic Webmail Project Basic Webmail 6.x-1.x
6.1
CVSSv3
CVE-2014-8338
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote malicious users to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter.
Videowhisper Webcam 7.x-1.7
9.8
CVSSv3
CVE-2013-2198
The Login Security module 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.3 for Drupal allows malicious users to bypass intended restrictions via a crafted username.
Login Security Project Login Security
Login Security Project Login Security 6.x-1.0
Login Security Project Login Security 6.x-1.x
Login Security Project Login Security 7.x-1.x
6.5
CVSSv3
CVE-2013-4187
The Flippy module 7.x-1.x prior to 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node.
Flippy Project Flippy
Flippy Project Flippy 7.x-1.x
6.1
CVSSv3
CVE-2011-2714
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
9.8
CVSSv3
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
4.8
CVSSv3
CVE-2012-5558
Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions before 6.x-1.1 and Smileys module 6.x-1.x versions before 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML v...
Smiley Project Smiley
Smileys Project Smileys
9.8
CVSSv3
CVE-2012-2714
The BrowserID (Mozilla Persona) module 7.x-1.x prior to 7.x-1.3 for Drupal allows remote malicious users to hijack the authentication of arbitrary users via the audience identifier.
Browserid Project Browserid 7.x-1.0
Browserid Project Browserid 7.x-1.1
Browserid Project Browserid 7.x-1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »