Shodan
Vulnerabilities
Vulnerable Software
Drupal:  >> Drupal  Security Vulnerabilities
CVE-2013-0260
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.
CVSS Score
2.1
EPSS Score
0.001
Published
2013-03-27
CVE-2013-0316
The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests.
CVSS Score
5.0
EPSS Score
0.005
Published
2013-03-27
CVE-2013-0317
Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-03-27
CVE-2013-0318
The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.014
Published
2013-03-27
CVE-2013-0319
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.
CVSS Score
4.3
EPSS Score
0.005
Published
2013-03-27
CVE-2013-0320
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.
CVSS Score
5.1
EPSS Score
0.002
Published
2013-03-27
CVE-2013-0321
Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-03-27
CVE-2013-0322
Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-03-27
CVE-2013-0323
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field.
CVSS Score
4.3
EPSS Score
0.005
Published
2013-03-27
CVE-2013-0324
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title.
CVSS Score
2.1
EPSS Score
0.002
Published
2013-03-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved