Vulnerabilities > Drupal

DATE CVE VULNERABILITY TITLE RISK
2006-12-14 CVE-2006-6529 Information Disclosure vulnerability in Drupal Chatroom Module 4.7
The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview.
network
low complexity
drupal
7.5
2006-12-14 CVE-2006-6528 Remote Security vulnerability in Chatroom Module
The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges.
network
low complexity
drupal
7.5
2006-12-08 CVE-2006-6386 Cross-Site Scripting vulnerability in Drupal CVS Management/Tracker Motivation Field
Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display.
network
drupal
6.8
2006-10-30 CVE-2006-5608 SQL Injection vulnerability in Drupal Extended Tracker 4.7
SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs."
network
low complexity
drupal
7.5
2006-10-24 CVE-2006-5477 Cross-Site Scripting vulnerability in Drupal
Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.
network
high complexity
drupal
2.6
2006-10-24 CVE-2006-5476 Cross-Site Request Forgery vulnerability in Drupal
Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.
network
low complexity
drupal
7.5
2006-10-24 CVE-2006-5475 Cross-Site Scripting vulnerability in Drupal
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
network
drupal
6.8
2006-09-23 CVE-2006-4949 Cross-Site Scripting vulnerability in Site Profile Directory Module
Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters.
network
drupal
4.3
2006-09-23 CVE-2006-4947 HTML Injection vulnerability in Drupal Search Keyword Module 1.12/1.13/1.14
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output." Drupal core is not affected.
network
drupal
6.8
2006-09-15 CVE-2006-4821 Cross-Site Scripting vulnerability in Drupal Userreview Module 4.7
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
drupal
4.3