A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The patch is named 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755.
Max CVSS
4.8
EPSS Score
0.07%
Published
2023-05-01
Updated
2024-03-21
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
Max CVSS
4.3
EPSS Score
0.10%
Published
2016-11-25
Updated
2017-01-07
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.10%
Published
2016-10-03
Updated
2016-10-04
Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.
Max CVSS
4.3
EPSS Score
0.10%
Published
2016-10-03
Updated
2016-10-04
The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames.
Max CVSS
4.3
EPSS Score
0.24%
Published
2017-09-13
Updated
2017-09-26
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.
Max CVSS
4.3
EPSS Score
0.34%
Published
2015-08-24
Updated
2016-12-24
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files.
Max CVSS
4.3
EPSS Score
0.32%
Published
2015-08-24
Updated
2016-12-24
The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.
Max CVSS
4.3
EPSS Score
0.52%
Published
2015-06-22
Updated
2016-12-03
The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.
Max CVSS
4.0
EPSS Score
0.23%
Published
2015-06-22
Updated
2016-12-03
Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page.
Max CVSS
4.3
EPSS Score
0.14%
Published
2014-10-14
Updated
2014-10-22
Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages.
Max CVSS
4.3
EPSS Score
0.27%
Published
2014-10-13
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the Modal Frame API module 6.x-1.x before 6.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-10-16
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting.
Max CVSS
4.0
EPSS Score
0.12%
Published
2014-10-09
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
Max CVSS
4.3
EPSS Score
0.11%
Published
2014-07-22
Updated
2014-07-22
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.
Max CVSS
4.9
EPSS Score
0.09%
Published
2014-07-22
Updated
2014-07-22
Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific. If so, then this CVE will be REJECTed in the future
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-01-26
Updated
2024-03-21
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.
Max CVSS
4.0
EPSS Score
0.19%
Published
2014-01-24
Updated
2014-02-21
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.
Max CVSS
4.3
EPSS Score
0.19%
Published
2013-12-24
Updated
2014-01-04
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.25%
Published
2013-07-16
Updated
2013-07-16
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."
Max CVSS
4.3
EPSS Score
0.45%
Published
2012-05-21
Updated
2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
Max CVSS
4.3
EPSS Score
0.49%
Published
2012-08-14
Updated
2017-08-29
Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.
Max CVSS
4.0
EPSS Score
0.22%
Published
2012-10-01
Updated
2013-12-13
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.
Max CVSS
4.8
EPSS Score
0.05%
Published
2019-11-21
Updated
2019-12-11
Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via the (1) title parameter in faq.admin.inc or (2) detailed_question parameter in faq.module.
Max CVSS
4.3
EPSS Score
0.34%
Published
2012-09-25
Updated
2017-08-29
Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.
Max CVSS
4.8
EPSS Score
0.05%
Published
2019-11-21
Updated
2019-12-11
94 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!