92 matches found
CVE-2013-0325
Multiple cross-site scripting XSS vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a 1 Watchdog message or 2 admin setting...
CVE-2010-3094
Multiple cross-site scripting XSS vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via 1 an action description, 2 an action message, 3 a node, or 4 a taxonomy term, related to the actions feature and the...
CVE-2012-5547
Multiple cross-site request forgery CSRF vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable a server via a server action or 2 enable a search index via an enable index action...
CVE-2017-20001
The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisory policy...
CVE-2016-1913
Multiple cross-site scripting XSS vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for Drupal allow remote authenticated users with certain access to inject arbitrary web script or HTML via unspecified vectors, related to 1 individual contacts, 2 notes, or 3 engagement scores...
CVE-2009-3350
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors...
CVE-2009-3351
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors...
CVE-2009-3354
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors...
CVE-2009-3921
The Smartqueueog module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation message...
CVE-2009-3352
Multiple unspecified vulnerabilities in the quotabyrole Quota by role module for Drupal have unknown impact and attack vectors...
Drupal 8.0.x < 10.3.13 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal core doesn't sufficiently filter error messages under certain circumstances, leading to a reflected Cross Site Scripting vulnerability XSS. - Bulk operations allow...
Drupal 11.0.x < 11.0.12 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal core doesn't sufficiently filter error messages under certain circumstances, leading to a reflected Cross Site Scripting vulnerability XSS. - Bulk operations allow...
Drupal 11.1.x < 11.1.3 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal core doesn't sufficiently filter error messages under certain circumstances, leading to a reflected Cross Site Scripting vulnerability XSS. - Bulk operations allow...
Drupal Multiple Vulnerabilities (SA-CORE-2025-001, SA-CORE-2025-002, SA-CORE-2025-003) - Windows
Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...
Drupal Multiple Vulnerabilities (SA-CORE-2025-001, SA-CORE-2025-002, SA-CORE-2025-003) - Linux
Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...
Drupal 10.3.x < 10.3.13 / 10.3.x < 10.3.13 / 10.4.x < 10.4.3 / 10.4.x < 10.4.3 / 11.x < 11.0.12 / 11.x < 11.0.12 / 11.1.x < 11.1.3 / 11.1.x < 11.1.3 Multiple Vulnerabilities (drupal-2025-02-19)
According to its self-reported version, the instance of Drupal running on the remote web server is 10.3.x prior to 10.3.13, 10.3.x prior to 10.3.13, 10.4.x prior to 10.4.3, 10.4.x prior to 10.4.3, 11.x prior to 11.0.12, 11.x prior to 11.0.12, 11.1.x prior to 11.1.3, or 11.1.x prior to 11.1.3. It...
CVE-2024-13298 Tarte au Citron - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-064
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting XSS.This issue affects Tarte au Citron: from 2.0.0 before 2.0.5...
CVE-2024-13291 Basic HTTP Authentication - Critical - Access bypass - SA-CONTRIB-2024-057
Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4...
CVE-2024-13270 Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034
Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1...
Drupal 安全漏洞
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal versions 1.0.0 through 2.0.2, which stems from improper input neutralization during web page generation, resulting in a cross-site scripting...