Vulnerabilities > Drupal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-25 | CVE-2012-6573 | Cross-Site Scripting vulnerability in Alejandro Garza Apachesolr Autocomplete Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results. | 4.3 |
| 2013-06-24 | CVE-2013-2129 | Cross-Site Scripting vulnerability in Nathan Haug Webform Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label. | 4.3 |
| 2013-06-24 | CVE-2013-2036 | Cross-Site Scripting vulnerability in Yoran Brault Filebrowser Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "lists of files." | 4.3 |
| 2013-06-24 | CVE-2013-1972 | Cross-Site Scripting vulnerability in Alexey Sukhotin Elfinder Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors. | 4.3 |
| 2013-06-24 | CVE-2013-1906 | Cross-Site Scripting vulnerability in Wolfgang Ziegler Rules Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "administer rules" permission to inject arbitrary web script or HTML via a rule tag. | 4.3 |
| 2013-06-21 | CVE-2012-6572 | Cross-Site Scripting vulnerability in Kong Inf08 Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name. | 4.3 |
| 2013-06-20 | CVE-2013-1905 | Cross-Site Scripting vulnerability in Catalin Florian Radut Zeropoint Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-06-20 | CVE-2013-1393 | Cross-Site Scripting vulnerability in Curvycorners 6.X1.0/7.X1.0 Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2013-03-27 | CVE-2013-1887 | Cross-Site Scripting vulnerability in Views Project Views Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields. | 2.1 |
| 2013-03-27 | CVE-2013-2715 | Cross-Site Scripting vulnerability in Thomas Seidl Search API Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name. | 2.1 |