Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal project vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2012-5558
Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions before 6.x-1.1 and Smileys module 6.x-1.x versions before 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML v...
Smiley Project Smiley
Smileys Project Smileys
3.5
CVSSv2
CVE-2014-8320
Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x prior to 6.x-1.12 and 7.x-1.x prior to 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the "Label text" field to the re...
Custom Search Project Custom Search 6.x-1.0
Custom Search Project Custom Search 6.x-1.7
Custom Search Project Custom Search 6.x-1.8
Custom Search Project Custom Search 7.x-1.4
Custom Search Project Custom Search 7.x-1.5
Custom Search Project Custom Search 7.x-1.12
Custom Search Project Custom Search 7.x-1.13
Custom Search Project Custom Search 6.x-1.3
Custom Search Project Custom Search 6.x-1.4
Custom Search Project Custom Search 7.x-1.0
Custom Search Project Custom Search 7.x-1.1
Custom Search Project Custom Search 7.x-1.8
Custom Search Project Custom Search 7.x-1.9
Custom Search Project Custom Search 6.x-1.5
Custom Search Project Custom Search 6.x-1.6
Custom Search Project Custom Search 7.x-1.2
Custom Search Project Custom Search 7.x-1.3
Custom Search Project Custom Search 7.x-1.10
Custom Search Project Custom Search 7.x-1.11
Custom Search Project Custom Search 6.x-1.1
Custom Search Project Custom Search 6.x-1.2
Custom Search Project Custom Search 6.x-1.9
5
CVSSv2
CVE-2015-4368
The Commerce Ogone module 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to complete the checkout for an order without paying via unspecified vectors.
Commerce Ogone Project Commerce Ogone 7.x-1.0
Commerce Ogone Project Commerce Ogone 7.x-1.1
Commerce Ogone Project Commerce Ogone 7.x-1.2
Commerce Ogone Project Commerce Ogone 7.x-1.4
Commerce Ogone Project Commerce Ogone 7.x-1.3
3.5
CVSSv2
CVE-2014-8319
Cross-site scripting (XSS) vulnerability in the easy_social_admin_summary function in the Easy Social module 7.x-2.x prior to 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title.
Easy Social Project Easy Social 7.x-2.3
Easy Social Project Easy Social 7.x-2.4
Easy Social Project Easy Social 7.x-2.0
Easy Social Project Easy Social 7.x-2.7
Easy Social Project Easy Social 7.x-2.8
Easy Social Project Easy Social 7.x-2.1
Easy Social Project Easy Social 7.x-2.2
Easy Social Project Easy Social 7.x-2.9
Easy Social Project Easy Social 7.x-2.10
Easy Social Project Easy Social 7.x-2.5
Easy Social Project Easy Social 7.x-2.6
3.5
CVSSv2
CVE-2015-3357
Cross-site scripting (XSS) vulnerability in the Wishlist module prior to 6.x-2.7 and 7.x-2.x prior to 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are no...
Wishlist Project Wishlist 7.x-2.6
Wishlist Project Wishlist 7.x-2.x-dev
Wishlist Project Wishlist 7.x-2.5
Wishlist Project Wishlist
3.5
CVSSv2
CVE-2014-9739
Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x prior to 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields.
Node Field Project Node Field 7.x-2.3
Node Field Project Node Field 7.x-2.4
Node Field Project Node Field 7.x-2.41
Node Field Project Node Field 7.x-2.42
Node Field Project Node Field 7.x-2.1
Node Field Project Node Field 7.x-2.44
Node Field Project Node Field 7.x-2.0
Node Field Project Node Field 7.x-2.2
Node Field Project Node Field 7.x-2.43
5
CVSSv2
CVE-2015-7228
The RESTful module 7.x-1.x prior to 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Restful Project Restful 7.x-1.0
Restful Project Restful 7.x-1.1
Restful Project Restful 7.x-1.2
5
CVSSv2
CVE-2015-5512
The me aliases module 6.x-2.x prior to 6.x-2.10 and 7.x-1.x prior to 7.x-1.2 for Drupal allows remote malicious users to access Views using the "me" user argument handler by substituting "me" for a user id in a URL.
Me Aliases Project Me Aliases 6.x-2.0
Me Aliases Project Me Aliases 6.x-2.8
Me Aliases Project Me Aliases 6.x-2.9
Me Aliases Project Me Aliases 6.x-2.4
Me Aliases Project Me Aliases 6.x-2.5
Me Aliases Project Me Aliases 6.x-2.1
Me Aliases Project Me Aliases 6.x-2.2
Me Aliases Project Me Aliases 6.x-2.3
Me Aliases Project Me Aliases 7.x-1.0
Me Aliases Project Me Aliases 7.x-1.1
Me Aliases Project Me Aliases 6.x-2.6
Me Aliases Project Me Aliases 6.x-2.7
5.8
CVSSv2
CVE-2015-4398
Open redirect vulnerability in the Chaos tool suite (ctools) module prior to 6.x-1.12 and 7.x-1.x prior to 7.x-1.7 for Drupal allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmat...
Chaos Tool Suite Project Ctools
Chaos Tool Suite Project Ctools 7.x-1.0
Chaos Tool Suite Project Ctools 7.x-1.1
Chaos Tool Suite Project Ctools 7.x-1.2
Chaos Tool Suite Project Ctools 7.x-1.4
Chaos Tool Suite Project Ctools 7.x-1.6
Chaos Tool Suite Project Ctools 7.x-1.3
Chaos Tool Suite Project Ctools 7.x-1.5
7.5
CVSSv2
CVE-2015-5502
The Storage API module 7.x-1.x prior to 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote malicious users to have unspecified impact via unknown vectors.
Storage Api Project Storage Api 7.x-1.5
Storage Api Project Storage Api 7.x-1.6
Storage Api Project Storage Api 7.x-1.1
Storage Api Project Storage Api 7.x-1.2
Storage Api Project Storage Api 7.x-1.0
Storage Api Project Storage Api 7.x-1.7
Storage Api Project Storage Api 7.x-1.3
Storage Api Project Storage Api 7.x-1.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »