drupal
509 tracked vulnerabilities.
CVE-2014-8765
Drupal PIFR module 6.x-2.x < 6.x-2.17 - XSS
Oct 14, 2014
EPSS 0.00
CVE-2014-8748
Drupal Doubleclick for Publishers 7.x-1.x - Authenticated Stored Cross-Site Scripting via Slot Name
Oct 13, 2014
EPSS 0.00
CVE-2014-8747
Drupal Commons 7.x-3.x < 7.x-3.9 - Cross-Site Scripting via Content Creation and Activity Stream Messages
Oct 13, 2014
EPSS 0.00
CVE-2014-8746
Skeleton Theme 7.x-1.2-7.x-1.3 - Authenticated Cross-Site Scripting via Theme Settings
Oct 13, 2014
EPSS 0.00
CVE-2014-8745
Drupal Custom Search <7.x-1.15 - XSS
Oct 13, 2014
EPSS 0.00
CVE-2014-8744
Drupal Nivo Slider 7.x-2.x - Authenticated Cross-Site Scripting via Image Title
Oct 13, 2014
EPSS 0.00
CVE-2014-8743
Drupal Maestro 7.x-1.x < 7.x-1.4 - Authenticated Cross-Site Scripting via Role or Organic Group Name
Oct 13, 2014
EPSS 0.00
CVE-2014-8079
Drupal MAYO theme 7.x-1.x < 7.x-1.3 - Authenticated Cross-Site Scripting via Header Background Setting
Oct 09, 2014
EPSS 0.00
CVE-2014-8078
Drupal Print 6.x-1.x < 6.x-1.19, 7.x-1.x < 7.x-1.3, 7.x-2.x < 7.x-2.0 - Authenticated Cross-Site Scripting
Oct 09, 2014
EPSS 0.00
CVE-2014-8077
Drupal NewsFlash 6.x-1.x < 6.x-1.7 and 7.x-1.x < 7.x-2.5 - Cross-Site Scripting via Font Family CSS
Oct 09, 2014
EPSS 0.00
CVE-2014-8076
Professional Theme < 7.x-2.04 - Authenticated Cross-Site Scripting via Custom Copyright Information
Oct 09, 2014
EPSS 0.00
CVE-2014-8075
Drupal Tribune 6.x-1.x and 7.x-3.x - Authenticated Stored Cross-Site Scripting via Node Title
Oct 09, 2014
EPSS 0.00
CVE-2014-7980
Zen theme for Drupal 7.x-3.x < 7.x-3.3 and 7.x-5.x < 7.x-5.5 - Authenticated Stored XSS via Theme Settings
Oct 08, 2014
EPSS 0.00
CVE-2014-7979
SimpleCorp theme 7.x-1.x - Authenticated Cross-Site Scripting via Theme Settings
Oct 08, 2014
EPSS 0.00
CVE-2014-7978
BlueMasters theme 7.x-2.x - Authenticated Cross-Site Scripting via Theme Settings
Oct 08, 2014
EPSS 0.00
CVE-2014-7870
Drupal Custom Search Module 6.x-1.x < 6.x-1.12 and 7.x-1.x < 7.x-1.14 - Cross-Site Scripting
Oct 06, 2014
EPSS 0.00
CVE-2014-7869
Context Form Alteration module 7.x-1.x - Authenticated Cross-Site Scripting in Configuration UI
Oct 06, 2014
EPSS 0.00
CVE-2014-5267
Drupal 6.x < 6.33 and 7.x < 7.31 - XML External Entity Injection via XRDS Document DOCTYPE
Sep 30, 2014
EPSS 0.01
CVE-2014-5266
WordPress < 3.9.2 - Denial of Service via Large XML Document in IXR Library
Aug 18, 2014
EPSS 0.76
CVE-2014-5265
WordPress < 3.9.2 - Denial of Service via XML Entity Expansion
Aug 18, 2014
EPSS 0.07
CVE-2014-5022
Drupal 7.x < 7.29 - Cross-Site Scripting via Ajax-Enabled Textfield and File Field
Jul 22, 2014
EPSS 0.00
CVE-2014-5021
Drupal 6.x < 6.32 and possibly 7.x < 7.29 - Authenticated Cross-Site Scripting via Option Group Label
Jul 22, 2014
EPSS 0.00
CVE-2014-5020
Drupal 7.x < 7.29 - Authenticated Unauthorized File Access via File Module
Jul 22, 2014
EPSS 0.00
CVE-2014-5019
Drupal 6.x < 6.32 and 7.x < 7.29 - Denial of Service via HTTP Host Header
Jul 22, 2014
EPSS 0.00
CVE-2014-2983
Drupal 6.x < 6.31 and 7.x < 7.27 - Unauthenticated Exposure of Sensitive Information via Cached Form Data
Apr 23, 2014
EPSS 0.00
Products
drupal 273
core 91
core-recommended 6
project_issue_tracking_module 6
Drupal core 5
print 5
aggregation_module 4
ai 4
everyblog 4
project 4
ubercart_module 4
Drupal Core 3
OpenID Connect / OAuth client 3
content_construction_kit 3
drupal_project_issue_tracking 3
shindig-integrator 3
File Access Fix (deprecated) 2
activity 2
ajax_checklist 2
artificial_intelligence 2
bibliography_module 2
brilliant_gallery 2
chatroom_module 2
civictheme 2
cookies_consent_management 2
custom_search_module 2
data 2
database_administration_module 2
drupal_easylinks_module 2
google_tag 2
Quick Filters