| CVE-2011-5187 |
low |
— |
2.1 |
|
|
tag1consultingdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Support Ticketing System module 6.x-1.x before 6.x-1.7 for Drupal allows remote authenticated users with the "administer support projects" permission t… |
| CVE-2012-1630 |
low |
— |
2.1 |
|
|
nestor_mata_cuthbertdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified … |
| CVE-2012-1629 |
low |
— |
2.1 |
|
|
dmitry_loacdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1628 |
low |
— |
3.5 |
|
|
63reasonsdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1632 |
low |
— |
2.1 |
|
|
erik_webbdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer polic… |
| CVE-2012-1627 |
low |
— |
3.5 |
|
|
marvil07drupal |
14y ago |
Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitra… |
| CVE-2012-1640 |
low |
— |
2.1 |
|
|
alquimiadrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with "administer managesite" permissions to inject arbi… |
| CVE-2012-1653 |
low |
— |
3.5 |
|
|
collectivecolorsdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via u… |
| CVE-2012-1652 |
low |
— |
2.1 |
|
|
wim_leersdrupalwimleers |
14y ago |
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary… |
| CVE-2012-1651 |
low |
— |
3.5 |
|
|
thinkleftdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1660 |
low |
— |
2.1 |
|
|
nathan_haugdrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module … |
| CVE-2012-1659 |
low |
— |
2.1 |
|
|
ariel_barreirodrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script … |
| CVE-2012-1658 |
low |
— |
2.1 |
|
|
fourkitchensdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arb… |
| CVE-2012-1657 |
low |
— |
2.1 |
|
|
fourkitchensdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web s… |
| CVE-2012-1654 |
low |
— |
2.1 |
|
|
alex_barthdrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data ta… |
| CVE-2012-1648 |
low |
— |
2.1 |
|
|
danielbdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HT… |
| CVE-2012-2068 |
low |
— |
2.1 |
|
|
tiger-fishdrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permissi… |
| CVE-2012-2065 |
low |
— |
3.5 |
|
|
fresodrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissi… |
| CVE-2012-1645 |
low |
— |
2.6 |
|
|
wimleersdrupal |
14y ago |
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified ve… |
| CVE-2012-1644 |
low |
— |
2.1 |
|
|
gizradrupal |
14y ago |
The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via uns… |
| CVE-2012-2297 |
low |
— |
2.1 |
|
|
creative_commons_module_projectdrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission t… |
| CVE-2012-2076 |
low |
— |
2.1 |
|
|
rob_loachdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions … |
| CVE-2012-2075 |
low |
— |
2.1 |
|
|
steindomdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arb… |
| CVE-2012-2072 |
low |
— |
2.1 |
|
|
patrick_przybilladrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject a… |
| CVE-2012-2071 |
low |
— |
2.1 |
|
|
geoff_daviesdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer si… |
| CVE-2012-2070 |
low |
— |
2.1 |
|
|
andrew_levinedrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission … |
| CVE-2012-2300 |
low |
— |
2.1 |
|
|
ubercartdrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product cl… |
| CVE-2012-2299 |
low |
— |
2.1 |
|
|
ubercartdrupal |
14y ago |
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive informat… |
| CVE-2012-2310 |
low |
— |
3.5 |
|
|
oleg_kovalchukdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary w… |
| CVE-2012-2309 |
low |
— |
3.5 |
|
|
wearepropeopledrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web scr… |
| CVE-2012-2308 |
low |
— |
3.5 |
|
|
tahiticlicdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script… |
| CVE-2012-2306 |
high |
— |
7.5 |
|
|
willem_van_der_plaatdrupal |
14y ago |
SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-2303 |
high |
— |
7.5 |
|
|
florian_weberdrupal |
14y ago |
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via… |
| CVE-2012-3800 |
low |
— |
2.1 |
|
|
moshe_weitzmandrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to in… |
| CVE-2012-2731 |
low |
— |
2.6 |
|
|
richardo_antedrupal |
14y ago |
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information b… |
| CVE-2012-2730 |
high |
— |
7.5 |
|
|
alexis_wilkedrupal |
14y ago |
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass … |
| CVE-2012-2726 |
low |
— |
2.1 |
|
|
alberto_trujillo_gonzalezdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission t… |
| CVE-2012-2725 |
low |
— |
3.5 |
|
|
authoring_htmldrupal |
14y ago |
classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authentica… |
| CVE-2012-2723 |
low |
— |
2.6 |
|
|
blaine_langdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTM… |
| CVE-2012-2712 |
low |
— |
2.6 |
|
|
thomas_seidldrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arb… |
| CVE-2012-2711 |
low |
— |
2.1 |
|
|
nancy_wichmanndrupal |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to in… |
| CVE-2012-2710 |
low |
— |
2.6 |
|
|
john_albindrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to injec… |
| CVE-2012-2708 |
low |
— |
2.1 |
|
|
antoine_beaupredrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows … |
| CVE-2012-2705 |
low |
— |
2.1 |
|
|
christopher_mitchelldrupal |
14y ago |
The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edi… |
| CVE-2012-2703 |
low |
— |
2.6 |
|
|
john_franklindrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via … |
| CVE-2012-2718 |
high |
— |
7.5 |
|
|
drupal-iddrupal |
14y ago |
SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits." |
| CVE-2012-2340 |
low |
— |
3.5 |
|
|
geoff_daviesdrupal |
14y ago |
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" … |
| CVE-2012-2907 |
low |
— |
2.6 |
|
|
ishmael_sanchezdrupal |
14y ago |
Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the brea… |
| CVE-2011-4113 |
high |
— |
7.5 |
|
|
earl_milesdrupal |
15y ago |
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of view… |
| CVE-2012-1060 |
low |
— |
2.1 |
|
|
rik_de_boerdrupal |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authe… |
| CVE-2011-5030 |
low |
— |
3.5 |
|
|
valthbalddrupal |
15y ago |
Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or H… |
| CVE-2011-4560 |
low |
— |
3.5 |
|
|
drupal |
15y ago |
Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors… |
| CVE-2011-2687 |
high |
— |
7.5 |
|
|
drupal |
15y ago |
Drupal Access Control Bypass |
| CVE-2010-4813 |
low |
— |
3.5 |
|
|
category_tokens_projectdrupal |
15y ago |
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web scr… |
| CVE-2011-1663 |
high |
— |
7.5 |
|
|
icanlocalizedrupal |
15y ago |
SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2011-1066 |
low |
— |
2.6 |
|
|
reyerodrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to in… |
| CVE-2010-3094 |
low |
— |
2.1 |
|
|
drupal |
16y ago |
Drupal cross-site scripting vulnerability via actions feature and trigger module |
| CVE-2010-3093 |
low |
— |
3.5 |
|
|
drupal |
16y ago |
The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a … |
| CVE-2010-3423 |
high |
— |
7.5 |
|
|
frekadrupal |
16y ago |
SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method. |
| CVE-2010-3022 |
low |
— |
2.6 |
|
|
drupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url al… |
| CVE-2010-2724 |
low |
— |
2.1 |
|
|
wimleersdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions… |
| CVE-2010-1958 |
low |
— |
2.1 |
|
|
drupalquicksketch |
16y ago |
Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to F… |
| CVE-2010-2158 |
low |
— |
2.1 |
|
|
speedtechdrupal |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary we… |
| CVE-2010-2125 |
low |
— |
2.1 |
|
|
systemseeddrupal |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit… |
| CVE-2010-2123 |
low |
— |
2.1 |
|
|
speedtechdrupal |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary we… |
| CVE-2010-2048 |
low |
— |
3.5 |
|
|
menhirdrupal |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vecto… |
| CVE-2010-2002 |
low |
— |
2.1 |
|
|
addison_berryjeff_warringtondrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, … |
| CVE-2010-2001 |
low |
— |
2.6 |
|
|
ninjitsuwebdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. |
| CVE-2010-2000 |
low |
— |
2.1 |
|
|
ron_jeromedrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privil… |
| CVE-2010-1998 |
low |
— |
2.1 |
|
|
kevinhankensdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbi… |
| CVE-2010-1984 |
low |
— |
2.1 |
|
|
michael_nicholsdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions… |
| CVE-2010-1976 |
low |
— |
2.1 |
|
|
michael_nicholsdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary w… |
| CVE-2010-1584 |
low |
— |
2.1 |
|
|
steven_jonesdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HT… |
| CVE-2009-4829 |
low |
— |
2.1 |
|
|
james_glasgowjohn_vandervortdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privi… |
| CVE-2010-1539 |
low |
— |
2.1 |
|
|
john_vandykdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users t… |
| CVE-2010-1536 |
low |
— |
2.1 |
|
|
mearradrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to in… |
| CVE-2010-1530 |
low |
— |
2.1 |
|
|
reyerodrupal |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks pr… |
| CVE-2010-1362 |
low |
— |
2.1 |
|
|
ben_jeavonsdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML… |
| CVE-2010-1358 |
low |
— |
2.1 |
|
|
ron_jeromedrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privil… |
| CVE-2010-1303 |
low |
— |
2.1 |
|
|
jim_berrydrupal |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node p… |
| CVE-2010-1108 |
low |
— |
3.5 |
|
|
hashmarkconsultingdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to … |
| CVE-2010-1107 |
low |
— |
3.5 |
|
|
fourkitchensdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML … |
| CVE-2010-0697 |
low |
— |
3.5 |
|
|
ilya_ivanchenkodrupal |
17y ago |
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload fil… |
| CVE-2010-0370 |
low |
— |
3.5 |
|
|
roger_lopezthomas_turnbulldrupal |
17y ago |
Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or … |
