CVE-2012-2339
- EPSS 0.93%
- Published 21.05.2012 20:55:18
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."
CVE-2012-1589
- EPSS 0.36%
- Published 18.05.2012 20:55:06
- Last modified 11.04.2025 00:51:21
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.
CVE-2007-6752
- EPSS 1.47%
- Published 28.03.2012 10:54:59
- Last modified 11.04.2025 00:51:21
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of...
- EPSS 1.03%
- Published 23.09.2011 23:55:03
- Last modified 11.04.2025 00:51:21
Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and cert...
CVE-2011-2687
- EPSS 0.77%
- Published 27.07.2011 02:55:02
- Last modified 11.04.2025 00:51:21
Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
- EPSS 0.63%
- Published 29.09.2010 17:00:05
- Last modified 11.04.2025 00:51:21
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by le...
- EPSS 0.63%
- Published 29.09.2010 17:00:05
- Last modified 11.04.2025 00:51:21
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an asserti...
- EPSS 0.63%
- Published 29.09.2010 17:00:04
- Last modified 11.04.2025 00:51:21
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an as...
CVE-2010-3092
- EPSS 0.17%
- Published 21.09.2010 20:00:02
- Last modified 11.04.2025 00:51:21
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a fil...
CVE-2010-3093
- EPSS 0.25%
- Published 21.09.2010 20:00:02
- Last modified 11.04.2025 00:51:21
The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" is...