DRUPAL-CONTRIB-2025-012
This module enables you to integrate the site with the Google Tag Manager (GTM) application. The module doesn't sufficiently validate the enabling or disabling of a tag container. The routes involved are not protected against Cross-Site Request Forgery (CSRF). This vulnerability is mitigated by the...
A vulnerability in the Opigno Learning path module for the Drupal CMS stems from errors in processing input data during syntax analysis of code. It allows attackers to execute arbitrary code.
A vulnerability in the Opigno Learning path component for the Drupal CMS is related to errors in data processing during syntax analysis of code. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
A vulnerability in the Open Social module for the Drupal CMS, related to access control deficiencies, allows attackers to bypass security restrictions.
A vulnerability in Open Social for the Drupal CMS is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions remotely...
A vulnerability in the Acquia DAM module for the Drupal CMS, related to cross-site request forgery, allows attackers to perform CSRF attacks or cause service failures.
A vulnerability in the Acquia DAM module for the Drupal CMS is related to cross-site request forgery. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack or cause service failures...
A vulnerability in the Open Social module for the Drupal CMS, related to a failure to protect the structure of web pages, allows attackers to carry out cross-site scripting attacks.
A vulnerability in Open Social for the Drupal CMS is related to a failure to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
A vulnerability in the Mailjet module for the Drupal CMS allows an attacker to execute arbitrary code.
A vulnerability in the Mailjet module for the Drupal CMS is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
A vulnerability in the Coffee module for the Drupal CMS, related to a failure to protect the structure of web pages, allows attackers to carry out cross-site scripting attacks.
A vulnerability in the Coffee module for the Drupal CMS is related to a failure to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out cross-site scripting attacks...
A vulnerability in the Open Social module for the Drupal CMS, related to deficiencies in authentication procedures, allows attackers to circumvent security restrictions and execute a forced browsing attack.
A vulnerability in Open Social for the Drupal CMS is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...
A vulnerability in the Megamenu Framework module for the Drupal CMS, related to insufficient validation of input data, allows attackers to execute arbitrary code.
A vulnerability in the Megamenu Framework module for the Drupal CMS is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
A vulnerability in the “Allow All File Extensions” module for the Drupal CMS stems from insufficient validation of input data and allows attackers to execute arbitrary code.
A vulnerability in the “Allow All File Extensions” module for file fields for the Drupal CMS is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
A vulnerability in the unserialize() function of the Eloqua module for the Drupal CMS allows an attacker to execute arbitrary code.
A vulnerability in the unserialize function of the Eloqua module for the Drupal CMS is related to the deserialization of untrusted data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2024-13303
Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing. This issue affects Download All Files: from 0.0.0 before 2.0.2...
Drupal Profile Private module * - Unauthenticated Other Vulnerability Type vulnerability
Unauthenticated Other Vulnerability Type vulnerability discovered by Dezső Biczó in WordPress Module Profile Private versions...
DRUPAL-CONTRIB-2024-072
This module provides a block that renders a link providing the functionality of a browser's back button. The module does not sufficiently escape text entered by an administrator, resulting in a cross-site scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a...
Drupal Allow All File Extensions for file fields module * - Authenticated Other Vulnerability Type vulnerability
Authenticated Other Vulnerability Type vulnerability discovered by Drupal Security Site in WordPress Module Allow All File Extensions for file fields versions...
Drupal Git Utilities for Drupal module * - Authenticated Other Vulnerability Type vulnerability
Authenticated Other Vulnerability Type vulnerability discovered by Drupal Security Site in WordPress Module Git Utilities for Drupal versions...
Drupal Download All Files module < 2.0.2 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Pierre Rudloff in WordPress Module Download All Files versions 2.0.2...
PT-2024-10232 · Drupal · Drupal Oauth & Openid Connect Single Sign On – Sso
Name of the Vulnerable Software and Affected Versions: Drupal OAuth & OpenID Connect Single Sign On – SSO OAuth/OIDC Client versions 3.0.0 through 3.43.0 Drupal OAuth & OpenID Connect Single Sign On – SSO OAuth/OIDC Client versions 4.0.0 through 4.0.18 Description: The issue is related to imprope...
PT-2024-10085 · Drupal · Download All Files
Name of the Vulnerable Software and Affected Versions: Download All Files versions 0.0.0 through 2.0.1 Description: The issue is related to a Missing Authorization vulnerability in the Download All Files module for the Drupal CMS, which allows for Forceful Browsing. This vulnerability can be...
Drupal OAuth & OpenID Connect Login - OAuth2.0 Client SSO Login module 3.0.0-3.43.0,4.0.0-4.0.18 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Drupal OAuth & OpenID Connect Login - OAuth2.0 Client SSO Login module 3.0.0-3.43.0,4.0.0-4.0.18 - Unauthenticated Cross Site Scripting (XSS) vulnerability discovered by Borut Piletic in WordPress Module OAuth & OpenID Connect Login - OAuth2.0 Client SSO Login versions 3.0.0-3.43.0,4.0.0-4.0.18...