5.19

DATE	CVE	VULNERABILITY TITLE	RISK
2009-09-24	CVE-2009-3352	Unspecified vulnerability in Drupal Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors. network low complexity drupal critical	10.0
2009-07-08	CVE-2009-2372	Code Injection vulnerability in Drupal Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature. network low complexity drupal CWE-94	6.5
2008-10-29	CVE-2008-4789	Permissions, Privileges, and Access Controls vulnerability in Drupal The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." network drupal CWE-264	6.0
2008-03-04	CVE-2008-1133	Cross-Site Scripting vulnerability in Drupal The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks. network drupal CWE-79	4.3