Vulnerabilities > Drupal > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-11 | CVE-2020-13673 | Cross-site Scripting vulnerability in Drupal Entity Embed 8.X1.0/8.X1.1/8.X1.2<br>The Entity Embed module provides a filter to allow embedding entities in content fields. | 2.6 |
2022-02-11 | CVE-2020-13672 | Cross-site Scripting vulnerability in Drupal<br>Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. | 2.6 |
2019-11-21 | CVE-2012-1637 | Cross-site Scripting vulnerability in Drupal Quick Tabs<br>Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal. | 3.5 |
2019-11-21 | CVE-2012-2078 | Cross-site Scripting vulnerability in Drupal Activity 6.X1.X<br>Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal. | 3.5 |
2019-11-07 | CVE-2010-2472 | Cross-site Scripting vulnerability in Drupal<br>Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly, which could allow an attacker to perform a cross-site scripting (XSS) attack. | 3.5 |
2019-11-07 | CVE-2010-2473 | Improper Input Validation vulnerability in Drupal<br>Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. | 3.5 |
2019-05-16 | CVE-2019-10909 | Cross-site Scripting vulnerability in multiple products<br>In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. | 3.5 |
2018-03-01 | CVE-2017-6928 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products<br>Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. | 3.5 |
2015-03-25 | CVE-2015-2559 | Improper Access Control vulnerability in multiple products<br>Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. | 3.5 |
2014-11-12 | CVE-2014-8734 | Permissions, Privileges, and Access Controls vulnerability in Drupal Organic Groups Menu 7.X2.0/7.X2.Xdev<br>The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors. | 3.5 |