Vulnerabilities > Drupal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-10-14 | CVE-2014-8765 | Cross-Site Scripting vulnerability in Drupal Project Issue File Review Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page. | 4.3 |
| 2014-10-13 | CVE-2014-8748 | Cross-Site Scripting vulnerability in Drupal Doubleclick FOR Publishers 7.X1.0/7.X1.1 Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name. | 3.5 |
| 2014-10-13 | CVE-2014-8747 | Cross-Site Scripting vulnerability in Drupal Commons Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages. | 4.3 |
| 2014-10-13 | CVE-2014-8746 | Cross-Site Scripting vulnerability in Drupal Skeleton Theme 7.X1.2/7.X1.3 Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. | 3.5 |
| 2014-10-13 | CVE-2014-8745 | Cross-Site Scripting vulnerability in Drupal Custom Search Module Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label. | 3.5 |
| 2014-10-13 | CVE-2014-8744 | Cross-Site Scripting vulnerability in Drupal Nivo Slider Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title. | 3.5 |
| 2014-10-13 | CVE-2014-8743 | Cross-Site Scripting vulnerability in Drupal Maestro Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name. | 3.5 |
| 2014-10-09 | CVE-2014-8079 | Cross-Site Scripting vulnerability in Drupal Mayo 7.X1.1/7.X1.2/7.X1.Xdev Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting. | 4.0 |
| 2014-10-09 | CVE-2014-8078 | Cross-Site Scripting vulnerability in Drupal Print Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes. | 3.5 |
| 2014-10-09 | CVE-2014-8077 | Cross-Site Scripting vulnerability in Drupal Newsflash Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property. | 3.5 |