Vulnerabilities > Drupal > Low

DATE CVE VULNERABILITY TITLE RISK
2012-09-09 CVE-2012-1648 Cross-Site Scripting vulnerability in Danielb Cool AID
Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
danielb drupal CWE-79
2.1
2.1
2012-09-05 CVE-2012-2065 Cross-Site Scripting vulnerability in Freso Languageicons
Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors.
network
freso drupal CWE-79
3.5
3.5
2012-09-05 CVE-2012-2068 Cross-Site Scripting vulnerability in Tiger-Fish Fancy Slide
Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter.
network
high complexity
tiger-fish drupal CWE-79
2.1
2.1
2012-08-28 CVE-2012-1644 Permissions, Privileges, and Access Controls vulnerability in Gizra OG Vocab 6.X1.0/6.X1.1/6.X1.X
The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors.
network
high complexity
gizra drupal CWE-264
2.1
2.1
2012-08-28 CVE-2012-1645 Information Exposure vulnerability in Wimleers CDN 6.X2.2/7.X2.2
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.
network
high complexity
wimleers drupal CWE-200
2.6
2.6
2012-08-26 CVE-2012-2297 Cross-Site Scripting vulnerability in Creative Commons Module Project Creativecommons 6.X1.0
Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creativecommons_user_message or (2) creativecommons_site_license_additional_text parameter. 		2.1
2.1
2012-08-14 CVE-2012-2070 Cross-Site Scripting vulnerability in Andrew Levine Multiblock
Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title.
network
high complexity
andrew-levine drupal CWE-79
2.1
2.1
2012-08-14 CVE-2012-2071 Cross-Site Scripting vulnerability in Geoff Davies Contact Forms
Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
geoff-davies drupal CWE-79
2.1
2.1
2012-08-14 CVE-2012-2072 Cross-Site Scripting vulnerability in Patrick Przybilla Addtoany
Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
patrick-przybilla drupal CWE-79
2.1
2.1
2012-08-14 CVE-2012-2075 Cross-Site Scripting vulnerability in Steindom Contact Save
Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
steindom drupal CWE-79
2.1
2.1