Vulnerabilities > Drupal > Low

DATE CVE VULNERABILITY TITLE RISK
2012-09-20 CVE-2012-1632 Cross-Site Scripting vulnerability in Erik Webb Password Policy
Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter.
network
high complexity
erik-webb drupal CWE-79
2.1
2012-09-19 CVE-2012-1640 Cross-Site Scripting vulnerability in Alquimia Managesite 6.X1.0/6.X1.X
Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with "administer managesite" permissions to inject arbitrary web script or HTML via the title parameter when (1) adding or (2) updating a category.
network
high complexity
alquimia drupal CWE-79
2.1
2012-09-19 CVE-2012-1651 Cross-Site Scripting vulnerability in Thinkleft Submenu Tree
Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3.5
2012-09-19 CVE-2012-1652 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text."
network
high complexity
wim-leers drupal wimleers CWE-79
2.1
2012-09-19 CVE-2012-1653 Cross-Site Scripting vulnerability in Collectivecolors Taxonomy View Integrator Module 6.X1.0/6.X1.1/6.X1.2
Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages."
3.5
2012-09-18 CVE-2012-1654 Cross-Site Scripting vulnerability in Alex Barth Data
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in (1) data.views.inc and (2) data_ui/data_ui.admin.inc.
network
high complexity
alex-barth drupal CWE-79
2.1
2012-09-18 CVE-2012-1657 Cross-Site Scripting vulnerability in Fourkitchens Block Class
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.
network
high complexity
fourkitchens drupal CWE-79
2.1
2012-09-18 CVE-2012-1658 Cross-Site Scripting vulnerability in Fourkitchens ED Readmore 6.X3.X
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
fourkitchens drupal CWE-79
2.1
2012-09-18 CVE-2012-1659 Cross-Site Scripting vulnerability in Ariel Barreiro Noderecommendation 6.X1.0/6.X1.X
Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
ariel-barreiro drupal CWE-79
2.1
2012-09-18 CVE-2012-1660 Cross-Site Scripting vulnerability in Nathan Haug Webform
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.
network
high complexity
nathan-haug drupal CWE-79
2.1