Vulnerabilities > Drupal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-14 | CVE-2006-6531 | Cross-Site Scripting vulnerability in Help Tip Module Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles. network drupal | 6.8 |
| 2006-12-14 | CVE-2006-6530 | SQL-Injection vulnerability in Help Tip Module SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2006-12-14 | CVE-2006-6529 | Information Disclosure vulnerability in Drupal Chatroom Module 4.7 The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview. | 7.5 |
| 2006-12-14 | CVE-2006-6528 | Remote Security vulnerability in Chatroom Module The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges. | 7.5 |
| 2006-12-08 | CVE-2006-6386 | Cross-Site Scripting vulnerability in Drupal CVS Management/Tracker Motivation Field Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display. network drupal | 6.8 |
| 2006-10-30 | CVE-2006-5608 | SQL Injection vulnerability in Drupal Extended Tracker 4.7 SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs." | 7.5 |
| 2006-10-24 | CVE-2006-5477 | Cross-Site Scripting vulnerability in Drupal Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. | 2.6 |
| 2006-10-24 | CVE-2006-5476 | Cross-Site Request Forgery vulnerability in Drupal Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. | 7.5 |
| 2006-10-24 | CVE-2006-5475 | Cross-Site Scripting vulnerability in Drupal Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. network drupal | 6.8 |
| 2006-09-23 | CVE-2006-4949 | Cross-Site Scripting vulnerability in Site Profile Directory Module Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters. network drupal | 4.3 |