Export limit exceeded: 367183 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 367183 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (992 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5569 3 Basic Webmail Project, Drupal, Jason Flatt 3 Basic Webmail, Drupal, Basic Webmail 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message.
CVE-2012-5584 2 Drupal, M2osw 2 Drupal, Tableofcontents 2025-04-11 N/A
The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block.
CVE-2012-5585 2 Drupal, Mixpanel Project 2 Drupal, Mixpanel 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token.
CVE-2012-5586 2 Drupal, Marc Ingram 2 Drupal, Services 2025-04-11 N/A
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
CVE-2012-5587 2 Drupal, Epiqo 2 Drupal, Email 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link.
CVE-2012-5588 2 Drupal, Epiqo 2 Drupal, Email 2025-04-11 N/A
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors.
CVE-2012-5589 2 Drupal, Netgenius 2 Drupal, Multilink 2025-04-11 N/A
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link.
CVE-2012-5590 2 Drupal, Scripthead 2 Drupal, Webmail Plus 2025-04-11 N/A
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-5591 2 Catalin Florian Radut, Drupal 2 Zeropoint, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the path aliases.
CVE-2012-5651 1 Drupal 1 Drupal 2025-04-11 N/A
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.
CVE-2012-5652 1 Drupal 1 Drupal 2025-04-11 N/A
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.
CVE-2012-5653 2 Debian, Drupal 2 Debian Linux, Drupal 2025-04-11 N/A
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.
CVE-2012-5654 2 Drupal, Nodewords Project 2 Drupal, Nodewords 2025-04-11 N/A
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags.
CVE-2012-5655 2 Drupal, Steven Jones 2 Drupal, Context 2025-04-11 N/A
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request.
CVE-2012-5704 2 Drupal, Justin Dodge 2 Drupal, Hotblocks 2025-04-11 N/A
The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself.
CVE-2012-5705 2 Drupal, Justin Dodge 2 Drupal, Hotblocks 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."
CVE-2012-6065 2 Daniel Honrade, Drupal 2 Om Maximenu, Drupal 2025-04-11 N/A
The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553.
CVE-2012-6572 2 Drupal, Kong 2 Drupal, Inf08 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name.
CVE-2012-6573 2 Alejandro Garza, Drupal 2 Apachesolr Autocomplete, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
CVE-2012-6574 2 Drupal, Soprano 2 Drupal, Fonecta Verify 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors.