28 matches found
CVE-2016-20005
The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...
Drupal REST/JSON Security Vulnerability
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal REST/JSON project 7.x-1.x that allows users to enumerate...
Drupal REST/JSON Security Vulnerability
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal REST/JSON project 7.x-1.x that allows user registration bypass...
CVE-2016-20001
The CVE-2016-20001 entry concerns the Drupal REST/JSON project (7.x-1.x). According to the sources, this module allows a node access bypass, referenced as SA-CONTRIB-2016-033. The vulnerability is documented across multiple feeds (NVD, Red Hat, CVE lists) with no explicit exploit details in the p...
CVE-2014-1398
CVE-2014-1398 affects Drupal: the Entity API module (7.x-1.x) before 7.x-1.3 may let remote authenticated users bypass access restrictions on comment, user and node statistics properties via unspecified vectors. Connected documents confirm fixes in 7.x-1.3 (e.g., Fedora updates for drupal7-entity...
Clientside Validation - Critical - Arbitrary PHP Execution - DRUPAL-SA-CONTRIB-2017-072
The Clientside Validation module enables you to have clientside Javascript validation on your forms. The module does not sufficiently validate parameters of a POST request made when validating a CAPTCHA. For the 1.x version of this module, this vulnerability is mitigated by the fact that the...
OpenLucius - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-004
OpenLucius is a work management platform for social communication, documentation, and projects. The distribution doesn't sufficiently use tokens when marking messages for users as read, thereby exposing a Cross Site Request Forgery (CSRF) vulnerability. The distribution does not sufficiently filter...
Drupal Administration Views Module Access Privilege Bypass Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Administration Views is one of the modules used to replace the administration overview or list pages. An access rights bypass vulnerability exists in the Drupal Administration Views...
Multiple vulnerabilities in the Drupal Search API module
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Search API is one of the framework modules used to create search functionality for any Entity of Drupal. Information disclosure vulnerabilities, cross-site scripting vulnerabilities, an...
Drupal Boost Module Information Disclosure Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Boost is one of the modules that improves the performance of a website by optimizing page caching of static files for anonymous users. An information disclosure vulnerability exists in...
Drupal Commerce Module Information Disclosure Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Commerce is one of the e-commerce modules. An information disclosure vulnerability exists in version 7.x-1.x of the Drupal Commerce module before 7.x-1.13. An attacker can exploit this...
Drupal Arbitrary SQL Command Execution Vulnerability
Drupal is an open source content management platform. An arbitrary SQL command execution vulnerability exists in the Drupal 7 driver for SQL Server and SQL Azure versions 7.x-1.x prior to 7.x-1.4. It allows remote attackers to execute arbitrary SQL commands...
Drupal CMS Updater Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP. CMS Updater module for Drupal is a module for Drupal that provides security protection for Drupal websites. A cross-site scripting vulnerability in the Drupal CMS Updater module 7.x-1.3 prior to version 7.x-1.x allows...
Drupal Administration Views Module Information Disclosure Vulnerability
Drupal is a free, open source content management system developed in PHP. Administration Views module for Drupal is a module for Drupal that replaces the administration overview or listings pages. A security vulnerability in versions 7.x-1.x prior to 7.x-1.x of the Drupal Administration Views modu...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data...
Drupal Spotlight Module Cross-Site Scripting Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Spotlight module versions 7.x-1.5 prior to 7.x-1.x, which can be exploited by a remote attacker with specific...
Drupal Smart Trim module cross-site scripting vulnerability (CNVD-2015-05695)
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Smart Trim is one of the text field formatting modules. A cross-site scripting vulnerability exists in the Drupal Smart Trim module in versions 7.x-1.5 prior to 7.x-1.x. A remote attack...
CVE-2014-9738
The CVE-2014-9738 entry concerns the Drupal contributed Tournament module (7.x-1.x) with XSS in three fields: account username, node title, and team entity title, affecting all 7.x-1.x versions prior to 7.x-1.2. The root cause is cross-site scripting in display of user-provided strings, exploitab...
CVE-2013-7064
Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values...