Vulnerabilities > Drupal > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-09-20 | CVE-2012-1632 | Cross-Site Scripting vulnerability in Erik Webb Password Policy Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter. | 2.1 |
2012-09-19 | CVE-2012-1640 | Cross-Site Scripting vulnerability in Alquimia Managesite 6.X1.0/6.X1.X Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with "administer managesite" permissions to inject arbitrary web script or HTML via the title parameter when (1) adding or (2) updating a category. | 2.1 |
2012-09-19 | CVE-2012-1651 | Cross-Site Scripting vulnerability in Thinkleft Submenu Tree Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2012-09-19 | CVE-2012-1652 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text." | 2.1 |
2012-09-19 | CVE-2012-1653 | Cross-Site Scripting vulnerability in Collectivecolors Taxonomy View Integrator Module 6.X1.0/6.X1.1/6.X1.2 Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages." | 3.5 |
2012-09-18 | CVE-2012-1654 | Cross-Site Scripting vulnerability in Alex Barth Data Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in (1) data.views.inc and (2) data_ui/data_ui.admin.inc. | 2.1 |
2012-09-18 | CVE-2012-1657 | Cross-Site Scripting vulnerability in Fourkitchens Block Class Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name. | 2.1 |
2012-09-18 | CVE-2012-1658 | Cross-Site Scripting vulnerability in Fourkitchens ED Readmore 6.X3.X Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
2012-09-18 | CVE-2012-1659 | Cross-Site Scripting vulnerability in Ariel Barreiro Noderecommendation 6.X1.0/6.X1.X Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
2012-09-18 | CVE-2012-1660 | Cross-Site Scripting vulnerability in Nathan Haug Webform Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios. | 2.1 |