|
211
|
-
3.5
|
LOW
|
Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.
|
CWE-79
Cross-site Scripting
|
CVE-2008-1131
|
cpe:2.3:a:drupal:drupal:6.0:*
|
|
|
|
|
2026-04-23 09:35
2008-03-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
-
4.3
|
MEDIUM
|
Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.
|
CWE-352
Origin Validation Error
|
CVE-2008-0272
|
cpe:2.3:a:drupal:drupal:5.5.:* cpe:2.3:a:drupal:drupal:5.4:* cpe:2.3:a:drupal:drupal:5.3:* cpe:2.3:a:drupal:dr…
|
|
|
|
|
2026-04-23 09:35
2008-01-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
-
4.3
|
MEDIUM
|
Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byt…
|
CWE-79
Cross-site Scripting
|
CVE-2008-0273
|
cpe:2.3:a:drupal:drupal:5.5.:* cpe:2.3:a:drupal:drupal:5.4:* cpe:2.3:a:drupal:drupal:5.3:* cpe:2.3:a:drupal:dr…
|
|
|
|
|
2026-04-23 09:35
2008-01-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
-
2.6
|
LOW
|
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links inv…
|
CWE-79
Cross-site Scripting
|
CVE-2008-0274
|
cpe:2.3:a:drupal:drupal:5.0:* cpe:2.3:a:drupal:drupal:4.7:*
|
|
|
|
|
2026-04-23 09:35
2008-01-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
-
4.3
|
MEDIUM
|
Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping …
|
CWE-79
Cross-site Scripting
|
CVE-2008-0276
|
cpe:2.3:a:drupal:drupal:5.5.:* cpe:2.3:a:drupal:drupal:5.4:* cpe:2.3:a:drupal:drupal:5.3:* cpe:2.3:a:drupal:dr…
|
|
|
|
|
2026-04-23 09:35
2008-01-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
-
7.5
|
HIGH
|
Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonom…
|
CWE-20 CWE-89
Improper Input Validation SQL Injection
|
CVE-2007-6299
|
cpe:2.3:a:drupal:drupal:5.2:* cpe:2.3:a:drupal:drupal:5.1_rev1.1:* cpe:2.3:a:drupal:drupal:5.1:* cpe:2.3:a:dru…
|
|
|
|
|
2026-04-23 09:35
2007-12-11
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
-
3.5
|
LOW
|
Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, No…
|
CWE-79
Cross-site Scripting
|
CVE-2007-5621
|
cpe:2.3:a:drupal:drupal:5.2:* cpe:2.3:a:drupal:drupal:5.1:* cpe:2.3:a:drupal:drupal:5.0:* cpe:2.3:a:drupal:dru…
|
|
|
|
|
2026-04-23 09:35
2007-10-23
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
-
6.8
|
MEDIUM
|
install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.
|
CWE-94
Code Injection
|
CVE-2007-5593
|
cpe:2.3:a:drupal:drupal:*:*
|
5.0
|
|
|
5.3
|
2026-04-23 09:35
2007-10-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
-
4.3
|
MEDIUM
|
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
|
CWE-352
Origin Validation Error
|
CVE-2007-5594
|
cpe:2.3:a:drupal:drupal:*:*
|
5.0
|
|
|
5.3
|
2026-04-23 09:35
2007-10-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
-
5.1
|
MEDIUM
|
CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP …
|
CWE-113
HTTP Response Splitting
|
CVE-2007-5595
|
cpe:2.3:a:drupal:drupal:*:*
|
4.7.0 5.0
|
|
|
4.7.8 5.3
|
2026-04-23 09:35
2007-10-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|