Drupal

Drupal

266 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.1

CVE-2010-3094

  • EPSS 0.22%
  • Published 21.09.2010 20:00:02
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a t...

3.5

CVE-2009-4369

Exploit
  • EPSS 0.26%
  • Published 21.12.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide conta...

3.5

CVE-2009-4370

  • EPSS 0.16%
  • Published 21.12.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu descript...

3.5

CVE-2009-4371

Exploit
  • EPSS 0.15%
  • Published 21.12.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrar...

6.8

CVE-2009-4066

  • EPSS 0.2%
  • Published 24.11.2009 02:30:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors r...

4.3

CVE-2009-3479

  • EPSS 0.24%
  • Published 30.09.2009 15:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary we...

10

CVE-2009-3352

  • EPSS 0.81%
  • Published 24.09.2009 16:30:01
  • Last modified 09.04.2025 00:30:58

Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.

2.1

CVE-2009-3156

  • EPSS 0.6%
  • Published 10.09.2009 18:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script o...

6.5

CVE-2009-2372

  • EPSS 1.13%
  • Published 08.07.2009 15:30:01
  • Last modified 09.04.2025 00:30:58

Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTM...

4.3

CVE-2009-2373

Exploit
  • EPSS 0.24%
  • Published 08.07.2009 15:30:01
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.