Lucene search
K

10 matches found

OSV
OSV
added 2024/12/11 7:44 a.m.5 views

DRUPAL-CONTRIB-2024-072

This module provides a block that renders a link providing the functionality of a browser's back button. The module does not sufficiently escape text entered by an administrator, resulting in a cross scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a...

3.8CVSS6.4AI score0.00247EPSS
Exploits0References1
NVD
NVD
added 2015/08/18 6:0 p.m.19 views

CVE-2015-5513

Cross-site scripting XSS vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login...

2.1CVSS5.5AI score0.00996EPSS
Exploits0References4
CVE
CVE
added 2015/08/18 5:0 p.m.41 views

CVE-2015-5513

CVE-2015-5513 affects Drupal via the Shibboleth authentication module (versions 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2). The root cause is an XSS flaw allowing remote authenticated users with the Administer blocks permission to inject arbitrary scripts/HTML through an unspecified vecto...

2.1CVSS5.6AI score0.00996EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2015/06/15 2:59 p.m.12 views

CVE-2015-4367

Cross-site scripting XSS vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content...

3.5CVSS5.3AI score0.00965EPSS
Exploits0References5
Prion
Prion
added 2015/06/15 2:59 p.m.11 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content...

3.5CVSS5.6AI score0.00965EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2015/06/15 2:0 p.m.19 views

CVE-2015-4367

Cross-site scripting XSS vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content...

5.3AI score0.00965EPSS
Exploits0References5
Prion
Prion
added 2012/08/14 11:55 p.m.11 views

Cross site scripting

Cross-site scripting XSS vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title...

2.1CVSS5.7AI score0.01318EPSS
Exploits1References11Affected Software1
Cvelist
Cvelist
added 2012/08/14 11:0 p.m.29 views

CVE-2012-2070

Cross-site scripting XSS vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title...

5.3AI score0.01318EPSS
Exploits1References11
Packet Storm
Packet Storm
added 2010/05/10 12:0 a.m.45 views

Drupal 6.16 With Context 6.x-2.0-rc3 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Details of this disclosure may be found at: http://www.madirish.net/?article=457 CVE-2010-1584 Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. T...

2.1CVSS0.01243EPSS
Exploits2
Cvelist
Cvelist
added 2007/07/17 1:0 a.m.25 views

CVE-2007-3818

Cross-site scripting XSS vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block."...

5.7AI score0.00688EPSS
Exploits0References2
Rows per page
Query Builder