Vulnerabilities > Drupal
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-14 | CVE-2006-6529 | Information Disclosure vulnerability in Drupal Chatroom Module 4.7 The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview. | 7.5 |
2006-12-14 | CVE-2006-6528 | Remote Security vulnerability in Chatroom Module The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges. | 7.5 |
2006-12-08 | CVE-2006-6386 | Cross-Site Scripting vulnerability in Drupal CVS Management/Tracker Motivation Field Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display. network drupal | 6.8 |
2006-10-30 | CVE-2006-5608 | SQL Injection vulnerability in Drupal Extended Tracker 4.7 SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs." | 7.5 |
2006-10-24 | CVE-2006-5477 | Cross-Site Scripting vulnerability in Drupal Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. | 2.6 |
2006-10-24 | CVE-2006-5476 | Cross-Site Request Forgery vulnerability in Drupal Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. | 7.5 |
2006-10-24 | CVE-2006-5475 | Cross-Site Scripting vulnerability in Drupal Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. network drupal | 6.8 |
2006-09-23 | CVE-2006-4949 | Cross-Site Scripting vulnerability in Site Profile Directory Module Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters. network drupal | 4.3 |
2006-09-23 | CVE-2006-4947 | HTML Injection vulnerability in Drupal Search Keyword Module 1.12/1.13/1.14 Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output." Drupal core is not affected. network drupal | 6.8 |
2006-09-15 | CVE-2006-4821 | Cross-Site Scripting vulnerability in Drupal Userreview Module 4.7 Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network drupal | 4.3 |