Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4514 2 Astha Bhatnagar, Drupal 2 Shindigintegrator, Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4515 2 Drupal, Speedtech 2 Drupal, Storm 2026-04-23 N/A
The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
CVE-2009-4516 2 Drupal, Nanwich 2 Drupal, Faq Ask 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4517 2 Drupal, Nanwich 2 Drupal, Faq Ask 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content.
CVE-2009-4518 2 Drupal, Mark Burton 2 Drupal, Insertnode 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node.
CVE-2009-4520 2 Drupal, Kristof De Jaeger 2 Drupal, Commentreference 2026-04-23 N/A
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.
CVE-2026-0749 2 Drupal, Silence 2 Drupal, Form Builder 2026-04-18 6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS).This issue affects Drupal: from 7.X-1.0 through 7.X-1.22.
CVE-2026-0750 2 Drupal, Verifone 2 Drupal Commerce Paybox, Commerce Paybox 2026-04-18 7.5 High
Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5.
CVE-2026-1553 2 Drupal, Drupal Canvas Project 2 Canvas, Drupal Canvas 2026-04-17 4.8 Medium
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4.
CVE-2006-2742 1 Drupal 1 Drupal 2026-04-16 N/A
SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.
CVE-2006-4821 1 Drupal 1 Drupal Userreview Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-2260 1 Drupal 1 Drupal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2005-3974 1 Drupal 1 Drupal 2026-04-16 N/A
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
CVE-2006-4717 1 Drupal 1 Drupal Pubcookie Module 2026-04-16 N/A
The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors.
CVE-2006-1228 1 Drupal 1 Drupal 2026-04-16 N/A
Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.
CVE-2006-4646 1 Drupal 1 Drupal Pathauto Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2005-1871 1 Drupal 1 Drupal 2026-04-16 N/A
Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."
CVE-2006-4360 1 Drupal 1 Drupal E-commerce Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4356 1 Drupal 1 Drupal Easylinks Module 2026-04-16 N/A
SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-1227 1 Drupal 1 Drupal 2026-04-16 N/A
Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages.