Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / drupal

drupal

509 tracked vulnerabilities.

Drupal - Session Cookie Secure Flag Not Set

Drupal 5.x < 5.10 and 6.x < 6.4 - Cross-Site Scripting

Drupal 5.x < 5.10 and 6.x < 6.4 - Authenticated Cross-Site Scripting via File Upload MIME Type

Drupal 5.x < 5.10 and 6.x < 6.4 - Authenticated Remote Code Execution via BlogAPI Module File Upload

Drupal 6.x < 6.4 - Cross-Site Request Forgery via Cached Forms and AHAH Elements

Drupal 5.x < 5.10 and 6.x < 6.4 - Cross-Site Request Forgery

Drupal Upload module < 6.4 - Authenticated Unauthorized Node Edit and File Deletion

Drupal Suggested Terms module 5.x - Authenticated Cross-Site Scripting via Taxonomy Terms

Drupal 6.0-6.2 - Cross-Site Scripting via Taxonomy Term Preview and OpenID Values

Drupal 5.x < 5.8 and 6.x < 6.3 - Cross-Site Scripting via Object HTML Tag

Drupal 5.x < 5.8 and 6.x < 6.3 - Cross-Site Request Forgery via Translated Strings Deletion

Drupal 6.x < 6.3 - Cross-Site Request Forgery via OpenID Identity Deletion

Drupal 5.x < 5.9 and 6.x < 6.3 - Session Fixation

Drupal 6.x < 6.3 - SQL Injection via Numeric Field Placeholder

Drupal Taxonomy Autotagger Module < 5.x-1.8 - Authenticated Cross-Site Scripting

Drupal Taxonomy Autotagger Module < 5.x-1.8 - Authenticated SQL Injection

Drupal Organic Groups Module 5.x < 5.x-7.3 and 6.x < 6.x-1.0-RC1 - Authenticated Cross-Site Scripting

Drupal Outline Designer Module - Privilege Escalation via Authentication Level Change

Tinytax Taxonomy Block Module 5.x - Authenticated Cross-Site Scripting via Taxonomy Term

Drupal Aggregation Module < 5.x-4.4 - Cross-Site Scripting

Drupal Aggregation module 5.x < 5.x-4.4 - SQL Injection

Drupal Aggregation Module 5.x - Unauthenticated Access Control Bypass

Drupal Aggregation Module 5.x - Remote Code Execution via Crafted Feed File Upload

TrailScout module < 5.x-1.4 - Authenticated Cross-Site Scripting

Drupal Trailscout Module - SQL Injection

Previous Page 16 of 21 Next

Products

drupal 273 core 91 core-recommended 6 project_issue_tracking_module 6 Drupal core 5 print 5 aggregation_module 4 ai 4 everyblog 4 project 4 ubercart_module 4 Drupal Core 3 OpenID Connect / OAuth client 3 content_construction_kit 3 drupal_project_issue_tracking 3 shindig-integrator 3 File Access Fix (deprecated) 2 activity 2 ajax_checklist 2 artificial_intelligence 2 bibliography_module 2 brilliant_gallery 2 chatroom_module 2 civictheme 2 cookies_consent_management 2 custom_search_module 2 data 2 database_administration_module 2 drupal_easylinks_module 2 google_tag 2

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy