Lucene search
K

18 matches found

NVD
NVD
added 2026/01/28 7:16 p.m.6 views

CVE-2026-0749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

6.1CVSS0.00204EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/28 6:56 p.m.26 views

CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

4.8CVSS0.00204EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/28 6:56 p.m.2 views

CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

4.8CVSS5.9AI score0.00204EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/28 6:56 p.m.8 views

EUVD-2026-4876

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

4.8CVSS5.9AI score0.00204EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/28 6:56 p.m.3 views

CVE-2026-0749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

4.8CVSS5.9AI score0.00204EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/01/28 6:56 p.m.16 views

CVE-2026-0749

Technical details, affected versions, and mitigation are not publicly provided in the supplied documents. Monitor for updates from official advisories and CVE entries.

6.1CVSS5.9AI score0.00204EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/01/28 6:56 p.m.5 views

CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

4.8CVSS5.9AI score0.00204EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.8 views

Drupal Form Builder security vulnerabilities

Drupal Form Builder is a form generation plugin for the Drupal community. Versions 7.X-1.0 to 7.X-1.22 of Drupal Form Builder have security vulnerabilities. These vulnerabilities stem from improper input handling during form generation, which may lead to cross-site scripting attacks...

6.1CVSS5.6AI score0.00204EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.7 views

PT-2026-5189

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

4.8CVSS5.9AI score0.00204EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-6598

Malware in sbrugna...

6.8CVSS6AI score0.01335EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2015-6660

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that...

6.8CVSS5.5AI score0.01335EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-25273

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow a...

7.5CVSS7.3AI score0.00568EPSS
Exploits0References2
OSV
OSV
added 2023/04/26 2:15 p.m.3 views

UBUNTU-CVE-2022-25273

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

7.5CVSS7AI score0.00568EPSS
Exploits0References3
OSV
OSV
added 2022/04/20 3:4 p.m.4 views

DRUPAL-CORE-2022-008

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

7.5CVSS6.7AI score0.00568EPSS
Exploits0References1
OSV
OSV
added 2015/08/24 2:59 p.m.5 views

UBUNTU-CVE-2015-6660

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."...

6.8CVSS5.8AI score0.01335EPSS
Exploits0References3
OSV
OSV
added 2014/07/22 2:55 p.m.3 views

UBUNTU-CVE-2014-5021

Cross-site scripting XSS vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label...

2.1CVSS6.5AI score0.01127EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/05/17 12:0 a.m.54 views

JVN#45898075: Drupal Form API fails to validate the redirect URL

Drupal is a content management system CMS. Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Impact A remote attacker may change the redirect URL of a form. As a result, information such as authentication credentials may be disclosed...

5.8CVSS6.1AI score0.01378EPSS
Exploits1
Drupal
Drupal
added 2009/03/25 12:0 a.m.15 views

SA-CONTRIB-2009-015 - Tokenauth - Access bypass

The Token authentication module allows access to RSS feeds via a token without having to provide your username and password to the site. Token authentication did not properly use the Drupal Form API which would allow a malicious user to learn the site administrator's token giving them the ability...

7.2AI score
Exploits0References5
Rows per page
Query Builder