17 matches found
DRUPAL-CONTRIB-2026-032
The IframeConsent element writes HTML attributes without escaping their value. This module has an XSS vulnerability. If an attacker is able to write an tag, they may be able to insert arbitrary JavaScript. This vulnerability is mitigated by the fact that a text format that allows iframe-consent HT...
CVE-2025-11261
A flaw was found in MediaWiki. This vulnerability, known as Cross-site Scripting (XSS), occurs due to improper neutralization of input during web page generation. A remote attacker could exploit this by injecting malicious scripts into web pages. Successful exploitation could lead to arbitrary code...
DRUPAL-CONTRIB-2025-113
CivicTheme is a design system and theme framework used to build content-rich Drupal websites. It includes editorial workflows, structured content types, and flexible theming components. CivicTheme does not sufficiently filter field data before rendering them in Twig templates. This combined with...
CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113
CivicTheme is a design system and theme framework used to build content-rich Drupal websites. It includes editorial workflows, structured content types, and flexible theming components. CivicTheme does not sufficiently filter field data before rendering them in Twig templates. This combined with...
EUVD-2009-3461
Malware in sbrugna...
DRUPAL-CORE-2025-002
Bulk operations allow authorized users to modify several nodes at once from the Content page /admin/content. A site builder can also add bulk operations to other pages using Views. A bug in the core Actions system allows some users to modify some fields using bulk actions that they do not have...
DRUPAL-CONTRIB-2023-055
This module allows you to turn various data sources (e.g. CSV or JSON file) into interactive visualisation. The DVF module provides a field storage, widget & formatter that can be added to any entity. This module uses two third-party JS libraries having from low to medium vulnerabilities. One of the...
PYSEC-2023-285
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's mark_safe API when rendering certain type...
DRUPAL-CONTRIB-2022-056
This module enables you to set content permissions based on taxonomy terms. The module doesn't sufficiently restrict access to translated and unpublished nodes. This vulnerability is mitigated by the fact that it only affects sites with translated content...
Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2022-056
This module enables you to set content permissions based on taxonomy terms. The module doesn't sufficiently restrict access to translated and unpublished nodes. This vulnerability is mitigated by the fact that it only affects sites with translated content...
CVE-2020-1198
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
bootstrap_carousel - Moderately critical - Cross Site Scripting - SA-CONTRIB-2017-088
This module provides a way to make carousels, based on bootstrap-carousel.js. The module doesn't sufficiently handle output of img HTML tag's alt property. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Carousel: Create new content" or any simil...
[SECURITY] Fedora 15 Update: drupal7-field_permissions-1.0-0.2.beta2.fc15
The Field Permissions module is a drop-in replacement for the Content Permissions module shipped with CCK. It allows site administrators to set field-level permissions to edit or view CCK fields in any node, and optionally new feature compared to Content Permissions module, edit field during node...
[SECURITY] Fedora 16 Update: drupal7-field_permissions-1.0-0.2.beta2.fc16
The Field Permissions module is a drop-in replacement for the Content Permissions module shipped with CCK. It allows site administrators to set field-level permissions to edit or view CCK fields in any node, and optionally new feature compared to Content Permissions module, edit field during node...
Fedora Update for drupal7-field_permissions FEDORA-2012-1390
Check for the Version of drupal7-field_permissions OpenVAS Vulnerability Test Fedora Update for drupal7-field_permissions FEDORA-2012-1390 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribut...
CVE-2008-6229
Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via 1 field...
CVE-2008-6229
Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via 1 field...