cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2014-8765,https://securityvulnerability.io/vulnerability/CVE-2014-8765,,"Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the ""manage PIFR environments"" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page.",Drupal,Project Issue File Review,,,0.002199999988079071,false,,false,false,false,,,false,false,,2014-10-14T14:55:00.000Z,0
CVE-2008-0577,https://securityvulnerability.io/vulnerability/CVE-2008-0577,,"The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal (1) does not restrict the extensions of attached files when the Upload module is enabled for issue nodes, which allows remote attackers to upload and possibly execute arbitrary files; and (2) accepts the .html extension within the bundled file-upload functionality, which allows remote attackers to upload files containing arbitrary web script or HTML.",Drupal,Project Issue Tracking Module,,,0.0032399999909102917,false,,false,false,false,,,false,false,,2008-02-05T01:00:00.000Z,0
CVE-2008-0576,https://securityvulnerability.io/vulnerability/CVE-2008-0576,,"Cross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors that write to summary table pages.",Drupal,Project Issue Tracking Module,,,0.002739999908953905,false,,false,false,false,,,false,false,,2008-02-05T01:00:00.000Z,0
CVE-2007-5228,https://securityvulnerability.io/vulnerability/CVE-2007-5228,,"Cross-site scripting (XSS) vulnerability in the subscription functionality in the Project issue tracking module before 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors involving a (1) individual or (2) overview form.",Drupal,Drupal Project Issue Tracking,,,0.000910000002477318,false,,false,false,false,,,false,false,,2007-10-05T23:17:00.000Z,0
CVE-2007-4436,https://securityvulnerability.io/vulnerability/CVE-2007-4436,,"The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity.",Drupal,"Project Issue Tracking Module,Project",,,0.015159999951720238,false,,false,false,false,,,false,false,,2007-08-20T22:00:00.000Z,0
CVE-2007-1368,https://securityvulnerability.io/vulnerability/CVE-2007-1368,,"The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with ""access project issues"" permission, to read the contents of a private node via a URL with a modified node identifier.",Drupal,Drupal Project Issue Tracking,,,0.0019099999917671084,false,,false,false,false,,,false,false,,2007-03-09T22:00:00.000Z,0
CVE-2007-0534,https://securityvulnerability.io/vulnerability/CVE-2007-0534,,"Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain ""fields on project nodes"" or (b) ""certain project-specific settings regarding issue tracking.""",Drupal,"Project Issue Tracking Module,Project",,,0.005869999993592501,false,,false,false,false,,,false,false,,2007-01-26T01:00:00.000Z,0
CVE-2007-0505,https://securityvulnerability.io/vulnerability/CVE-2007-0505,,"Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.",Drupal,"Project Issue Tracking Module,Project",,,0.025599999353289604,false,,false,false,false,,,false,false,,2007-01-26T00:00:00.000Z,0
CVE-2007-0506,https://securityvulnerability.io/vulnerability/CVE-2007-0506,,"The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.",Drupal,"Project Issue Tracking Module,Project",,,0.005100000184029341,false,,false,false,false,,,false,false,,2007-01-26T00:00:00.000Z,0
CVE-2006-6646,https://securityvulnerability.io/vulnerability/CVE-2006-6646,,"Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function.",Drupal,"Drupal Project,Drupal Project Issue Tracking",,,0.007170000113546848,false,,false,false,false,,,false,false,,2006-12-20T02:00:00.000Z,0