Search Results (946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2117 2 Drupal, Yaniv Aran-shamir 2 Drupal, Gigya 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2155 2 Drupal, Kyle Browning 2 Drupal, Cdn2 Video 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-5551 2 Drupal, Thinkshout 2 Drupal, Mailchimp 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitization of "Webhook variables from POST requests."
CVE-2012-2296 2 Drupal, Janrain 2 Drupal, Rpx 2025-04-11 N/A
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability.
CVE-2012-2298 2 Drupal, Nancy Wichmann 3 Drupal, Realname, Realname 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
CVE-2012-2299 2 Drupal, Ubercart 2 Drupal, Ubercart 2025-04-11 N/A
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.
CVE-2012-2300 2 Drupal, Ubercart 2 Drupal, Ubercart 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2303 2 Drupal, Florian Weber 2 Drupal, Spaces 2025-04-11 N/A
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
CVE-2012-2308 2 Drupal, Tahiticlic 2 Drupal, Taxonomy Grid Catalog 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2309 2 Drupal, Wearepropeople 2 Drupal, Glossify Internal Links Auto Seo 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2339 2 Drupal, Nancy Wichmann 2 Drupal, Glossary 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."
CVE-2012-2341 2 Drupal, Rahul Singla 2 Drupal, Take Control 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files.
CVE-2012-3802 2 Drupal, Peter Pokrivcak 2 Drupal, Post Affiliate Pro 2025-04-11 N/A
Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.
CVE-2012-5550 2 Carlos Carvalhar, Drupal 2 Time Spent, Drupal 2025-04-11 N/A
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-2703 2 Drupal, John Franklin 2 Drupal, Advertisement 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php."
CVE-2012-2707 2 Antoine Beaupre, Drupal 2 Hostmaster, Drupal 2025-04-11 N/A
The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes.
CVE-2012-2708 2 Antoine Beaupre, Drupal 2 Hostmaster, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log.
CVE-2012-2710 2 Drupal, John Albin 2 Drupal, Zen 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.
CVE-2012-2712 2 Drupal, Thomas Seidl 2 Drupal, Search Api 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors.
CVE-2012-2713 2 Browserid Project, Drupal 2 Browserid, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site.