DRUPAL-CONTRIB-2026-011

This module enables you to add icons to CKEditor. The module doesn't sufficiently add custom permissions to the dialog and autocomplete routes, allowing full access to the routes in most scenarios...

Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011

This module enables you to add icons to CKEditor. The module doesn't sufficiently add custom permissions to the dialog and autocomplete routes, allowing full access to the routes in most scenarios...

UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010

This module enables you to integrate and manage icons with Drupal. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site Scripting XSS vulnerability. The vulnerability is mitigated by the fact that in order to be vulnerable, the "UI Icons for CKEditor 5" submodule...

CVE-2012-2065

Cross-site scripting XSS vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-2065

Cross-site scripting XSS vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-2065

Cross-site scripting XSS vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-2065

The CVE affects the Drupal Language Icons module: versions 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 are vulnerable due to unsanitized user-supplied data, enabling XSS by remote authenticated users with administer languages permissions. Mitigation: upgrade to Language icons 6.x-2.1 (Drupa...