A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The patch is named 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755.
Max CVSS
4.8
EPSS Score
0.07%
Published
2023-05-01
Updated
2024-03-21
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
Max CVSS
4.3
EPSS Score
0.10%
Published
2016-11-25
Updated
2017-01-07
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.10%
Published
2016-10-03
Updated
2016-10-04
Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.
Max CVSS
4.3
EPSS Score
0.10%
Published
2016-10-03
Updated
2016-10-04
The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames.
Max CVSS
4.3
EPSS Score
0.24%
Published
2017-09-13
Updated
2017-09-26
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.
Max CVSS
4.3
EPSS Score
0.34%
Published
2015-08-24
Updated
2016-12-24
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files.
Max CVSS
4.3
EPSS Score
0.32%
Published
2015-08-24
Updated
2016-12-24
The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.
Max CVSS
4.3
EPSS Score
0.52%
Published
2015-06-22
Updated
2016-12-03
The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.
Max CVSS
4.0
EPSS Score
0.23%
Published
2015-06-22
Updated
2016-12-03
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.
Max CVSS
3.5
EPSS Score
0.10%
Published
2015-03-25
Updated
2019-02-05
Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page.
Max CVSS
4.3
EPSS Score
0.14%
Published
2014-10-14
Updated
2014-10-22
Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name.
Max CVSS
3.5
EPSS Score
0.08%
Published
2014-10-13
Updated
2014-10-16
Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages.
Max CVSS
4.3
EPSS Score
0.27%
Published
2014-10-13
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.
Max CVSS
3.5
EPSS Score
0.10%
Published
2014-10-13
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label.
Max CVSS
3.5
EPSS Score
0.11%
Published
2014-10-13
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title.
Max CVSS
3.5
EPSS Score
0.11%
Published
2014-10-13
Updated
2017-09-08
Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name.
Max CVSS
3.5
EPSS Score
0.11%
Published
2014-10-13
Updated
2017-09-08
The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors.
Max CVSS
3.5
EPSS Score
0.12%
Published
2014-11-12
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the Modal Frame API module 6.x-1.x before 6.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-10-16
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting.
Max CVSS
4.0
EPSS Score
0.12%
Published
2014-10-09
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes.
Max CVSS
3.5
EPSS Score
0.12%
Published
2014-10-09
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property.
Max CVSS
3.5
EPSS Score
0.12%
Published
2014-10-09
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information.
Max CVSS
3.5
EPSS Score
0.10%
Published
2014-10-09
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.
Max CVSS
3.5
EPSS Score
0.12%
Published
2014-10-09
Updated
2017-09-08
Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings.
Max CVSS
3.5
EPSS Score
0.09%
Published
2014-10-08
Updated
2014-10-09
156 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!