drupal
557 tracked vulnerabilities.
CVE-2014-8747
Drupal Commons 7.x-3.x < 7.x-3.9 - Cross-Site Scripting via Content Creation and Activity Stream Messages
Oct 13, 2014
EPSS 0.01
CVE-2014-8746
Skeleton Theme 7.x-1.2-7.x-1.3 - Authenticated Cross-Site Scripting via Theme Settings
Oct 13, 2014
EPSS 0.01
CVE-2014-8745
Drupal Custom Search <7.x-1.15 - XSS
Oct 13, 2014
EPSS 0.01
CVE-2014-8744
Drupal Nivo Slider 7.x-2.x - Authenticated Cross-Site Scripting via Image Title
Oct 13, 2014
EPSS 0.01
CVE-2014-8743
Drupal Maestro 7.x-1.x < 7.x-1.4 - Authenticated Cross-Site Scripting via Role or Organic Group Name
Oct 13, 2014
EPSS 0.01
CVE-2014-8079
Drupal MAYO theme 7.x-1.x < 7.x-1.3 - Authenticated Cross-Site Scripting via Header Background Setting
Oct 09, 2014
EPSS 0.01
CVE-2014-8078
Drupal Print 6.x-1.x < 6.x-1.19, 7.x-1.x < 7.x-1.3, 7.x-2.x < 7.x-2.0 - Authenticated Cross-Site Scripting
Oct 09, 2014
EPSS 0.01
CVE-2014-8077
Drupal NewsFlash 6.x-1.x < 6.x-1.7 and 7.x-1.x < 7.x-2.5 - Cross-Site Scripting via Font Family CSS
Oct 09, 2014
EPSS 0.01
CVE-2014-8076
Professional Theme < 7.x-2.04 - Authenticated Cross-Site Scripting via Custom Copyright Information
Oct 09, 2014
EPSS 0.01
CVE-2014-8075
Drupal Tribune 6.x-1.x and 7.x-3.x - Authenticated Stored Cross-Site Scripting via Node Title
Oct 09, 2014
EPSS 0.01
CVE-2014-7980
Zen theme for Drupal 7.x-3.x < 7.x-3.3 and 7.x-5.x < 7.x-5.5 - Authenticated Stored XSS via Theme Settings
Oct 08, 2014
EPSS 0.01
CVE-2014-7979
SimpleCorp theme 7.x-1.x - Authenticated Cross-Site Scripting via Theme Settings
Oct 08, 2014
EPSS 0.01
CVE-2014-7978
BlueMasters theme 7.x-2.x - Authenticated Cross-Site Scripting via Theme Settings
Oct 08, 2014
EPSS 0.01
CVE-2014-7870
Drupal Custom Search Module 6.x-1.x < 6.x-1.12 and 7.x-1.x < 7.x-1.14 - Cross-Site Scripting
Oct 06, 2014
EPSS 0.01
CVE-2014-7869
Context Form Alteration module 7.x-1.x - Authenticated Cross-Site Scripting in Configuration UI
Oct 06, 2014
EPSS 0.01
CVE-2014-5267
Drupal 6.x < 6.33 and 7.x < 7.31 - XML External Entity Injection via XRDS Document DOCTYPE
Sep 30, 2014
EPSS 0.04
CVE-2014-5266
WordPress < 3.9.2 - Denial of Service via Large XML Document in IXR Library
Aug 18, 2014
EPSS 0.24
CVE-2014-5265
WordPress < 3.9.2 - Denial of Service via XML Entity Expansion
Aug 18, 2014
EPSS 0.03
CVE-2014-5022
Drupal 7.x < 7.29 - Cross-Site Scripting via Ajax-Enabled Textfield and File Field
Jul 22, 2014
EPSS 0.01
CVE-2014-5021
Drupal 6.x < 6.32 and possibly 7.x < 7.29 - Authenticated Cross-Site Scripting via Option Group Label
Jul 22, 2014
EPSS 0.01
CVE-2014-5020
Drupal 7.x < 7.29 - Authenticated Unauthorized File Access via File Module
Jul 22, 2014
EPSS 0.01
CVE-2014-5019
Drupal 6.x < 6.32 and 7.x < 7.29 - Denial of Service via HTTP Host Header
Jul 22, 2014
EPSS 0.03
CVE-2014-2983
Drupal 6.x < 6.31 and 7.x < 7.27 - Unauthenticated Exposure of Sensitive Information via Cached Form Data
Apr 23, 2014
EPSS 0.02
CVE-2014-1607
Drupal EventCalendar module 7.14 - Cross-Site Scripting via Year Parameter
Jan 26, 2014
EPSS 0.01
CVE-2014-1476
Drupal 7.x < 7.26 - Authenticated Information Disclosure via Taxonomy Module
Jan 24, 2014
EPSS 0.01
Products
drupal 274
core 95
Drupal core 10
core-recommended 6
project_issue_tracking_module 6
print 5
aggregation_module 4
ai 4
everyblog 4
project 4
ubercart_module 4
AI (Artificial Intelligence) 3
Drupal Canvas 3
Drupal Core 3
OpenID Connect / OAuth client 3
content_construction_kit 3
drupal_project_issue_tracking 3
shindig-integrator 3
AI Agents 2
Advanced Content Feedback (aka admin_feedback) 2
Anti-Spam by CleanTalk 2
File Access Fix (deprecated) 2
FlowDrop 2
Login Disable 2
Paragraphs 2
SAML SSO - Service Provider 2
Tagify 2
activity 2
ajax_checklist 2
artificial_intelligence 2
Quick Filters