Vulnerabilities > Danielb > Cool AID > 6.x.1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-09 | CVE-2012-1649 | Permissions, Privileges, and Access Controls vulnerability in Danielb Cool AID Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors. | 4.9 |
| 2012-09-09 | CVE-2012-1648 | Cross-Site Scripting vulnerability in Danielb Cool AID Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |