| CVE-2009-4771 |
medium |
— |
5.0 |
|
|
ubercartdrupal |
16y ago |
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trig… |
| CVE-2010-1362 |
low |
— |
2.1 |
|
|
ben_jeavonsdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML… |
| CVE-2010-1358 |
low |
— |
2.1 |
|
|
ron_jeromedrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privil… |
| CVE-2010-1303 |
low |
— |
2.1 |
|
|
jim_berrydrupal |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node p… |
| CVE-2010-1108 |
low |
— |
3.5 |
|
|
hashmarkconsultingdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to … |
| CVE-2010-1107 |
low |
— |
3.5 |
|
|
fourkitchensdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML … |
| CVE-2010-1074 |
medium |
— |
4.3 |
|
|
2bitsdrupal |
16y ago |
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to w… |
| CVE-2010-0752 |
medium |
— |
5.0 |
|
|
earl_dunovantdrupal |
17y ago |
The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows re… |
| CVE-2010-0697 |
low |
— |
3.5 |
|
|
ilya_ivanchenkodrupal |
17y ago |
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload fil… |
| CVE-2010-0370 |
low |
— |
3.5 |
|
|
roger_lopezthomas_turnbulldrupal |
17y ago |
Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or … |
