Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2013-4227
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x prior to 7.x-1.11 for Drupal allows remote malicious users to hijack the authentication of aribitrary users via a security token that is not ...
Mozilla Persona
6.8
CVSSv2
CVE-2013-4225
The RESTful Web Services (restws) module 7.x-1.x prior to 7.x-1.4 and 7.x-2.x prior to 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create ...
Restful Web Services Project Restful Web Services
Restful Web Services Project Restful Web Services 7.x-2.x
4
CVSSv2
CVE-2012-5570
The Basic webmail module 6.x-1.x prior to 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.
Basic Webmail Project Basic Webmail 6.x-1.0
Basic Webmail Project Basic Webmail 6.x-1.1
Basic Webmail Project Basic Webmail 6.x-1.x
4.3
CVSSv2
CVE-2014-8338
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote malicious users to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter.
Videowhisper Webcam 7.x-1.7
4
CVSSv2
CVE-2013-4187
The Flippy module 7.x-1.x prior to 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node.
Flippy Project Flippy
Flippy Project Flippy 7.x-1.x
7.5
CVSSv2
CVE-2013-2198
The Login Security module 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.3 for Drupal allows malicious users to bypass intended restrictions via a crafted username.
Login Security Project Login Security
Login Security Project Login Security 6.x-1.0
Login Security Project Login Security 6.x-1.x
Login Security Project Login Security 7.x-1.x
4.3
CVSSv2
CVE-2011-2714
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
7.5
CVSSv2
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
3.5
CVSSv2
CVE-2012-5558
Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions before 6.x-1.1 and Smileys module 6.x-1.x versions before 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML v...
Smiley Project Smiley
Smileys Project Smileys
5
CVSSv2
CVE-2012-2724
The Simplenews module 6.x-1.x prior to 6.x-1.4, 6.x-2.x prior to 6.x-2.0-alpha4, and 7.x-1.x prior to 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote malicious users to obtain sensitive informat...
Md-systems Simplenews 6.x-1.0
Md-systems Simplenews 6.x-1.1
Md-systems Simplenews 6.x-1.2
Md-systems Simplenews 6.x-1.3
Md-systems Simplenews 6.x-2.0
Md-systems Simplenews 6.x-2.x
Md-systems Simplenews 7.x-1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »