Vulnerabilities > Drupal > Drupal > 7.32
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-11-24 | CVE-2010-5312 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. | 6.1 |
2014-11-24 | CVE-2014-9016 | The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request. | 5.0 |
2014-11-24 | CVE-2014-9015 | Permissions, Privileges, and Access Controls vulnerability in multiple products Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions. | 6.8 |