VYPR

Vendor CVEs

Drupal

All CVEs

1,207 total · sorted by risk
  • CVE-2015-4386Jun 15, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML via unknown vectors involving creating or editing (1) comments, (2) taxonomy…

  • CVE-2015-4384Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Ubercart Webform Checkout Pane module 6.x-3.x before 6.x-3.10 and 7.x-3.x before 7.x-3.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-4383Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Decisions module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that remove individual voters via unspecified vectors.

  • CVE-2015-4382Jun 15, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices…

  • CVE-2015-4381Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML via unspecified vectors involving…

  • CVE-2015-4379Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors.

  • CVE-2015-4378Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Crumbs module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "Administer Crumbs" permission to inject arbitrary web script or HTML via a custom breadcrumb separator.

  • CVE-2015-4376Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-4375Jun 15, 2015
    risk 0.00cvss epss 0.01

    The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.

  • CVE-2015-4373Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the OG tabs module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes posted in an Organic Groups group.

  • CVE-2015-4371Jun 15, 2015
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.

  • CVE-2015-4369Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Trick Question" permission to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-4368Jun 15, 2015
    risk 0.00cvss epss 0.01

    The Commerce Ogone module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to complete the checkout for an order without paying via unspecified vectors.

  • CVE-2015-4366Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-4364Jun 15, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to…

  • CVE-2015-4363Jun 15, 2015
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in the finder_form_goto function in the Finder module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2015-4362Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors.

  • CVE-2015-4361Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors.

  • CVE-2015-4360Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via…

  • CVE-2015-4359Jun 15, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web…

  • CVE-2015-4358Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Ubercart Discount Coupons module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to…

  • CVE-2015-4357Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title, which is used as the…

  • CVE-2015-4356Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform.

  • CVE-2015-4355Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Watchdog Aggregator module for Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable monitoring sites via unspecified vectors.

  • CVE-2015-4354Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-4353Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via unspecified vectors.

  • CVE-2015-4352Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors.

  • CVE-2015-4351Jun 15, 2015
    risk 0.00cvss epss 0.01

    The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.

  • CVE-2015-4350Jun 15, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors.

  • CVE-2015-4349Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors.

  • CVE-2015-4348Jun 15, 2015
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2015-4347Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the inLinks Integration module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified path arguments.

  • CVE-2015-4346Jun 15, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews.

  • CVE-2015-4345Jun 15, 2015
    risk 0.00cvss epss 0.01

    The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-4344Jun 15, 2015
    risk 0.00cvss epss 0.01

    The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching.

  • CVE-2015-3404Apr 22, 2015
    risk 0.00cvss epss 0.01

    The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to "showing (and creating) the PDF…

  • CVE-2015-3393Apr 21, 2015
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in the Commerce WeDeal module before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.

  • CVE-2015-3392Apr 21, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Ajax Timeline module before 7.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.

  • CVE-2015-3391Apr 21, 2015
    risk 0.00cvss epss 0.01

    The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page.

  • CVE-2015-3390Apr 21, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-3389Apr 21, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download Count module (pubdlcnt) 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-3388Apr 21, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors.

  • CVE-2015-3387Apr 21, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Tools module before 7.x-1.4 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a (1) node or (2) taxonomy term title.

  • CVE-2015-3386Apr 21, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Node Access Product module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.

  • CVE-2015-3385Apr 21, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Taxonomy Path module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link to path" field formatter.

  • CVE-2015-3384Apr 21, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced Payments module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-3383Apr 21, 2015
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in the Node basket module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2015-3382Apr 21, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add or (2) remove nodes from a basket via unspecified vectors.

  • CVE-2015-3381Apr 21, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Node basket module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-3380Apr 21, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable a module via unspecified vectors.

Page 9 of 25