Vulnerabilities > Drupal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-08-14 | CVE-2012-2076 | Cross-Site Scripting vulnerability in ROB Loach Sharethis 7.X2.0/7.X2.1/7.X2.2 Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2012-08-14 | CVE-2012-2299 | Credentials Management vulnerability in Ubercart The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database. | 2.1 |
| 2012-08-14 | CVE-2012-2300 | Cross-Site Scripting vulnerability in Ubercart Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2012-07-25 | CVE-2012-2308 | Cross-Site Scripting vulnerability in Tahiticlic Taxonomy Grid Catalog Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2012-07-25 | CVE-2012-2309 | Cross-Site Scripting vulnerability in Wearepropeople Glossify Internal Links Auto SEO 6.X2.5 Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2012-07-25 | CVE-2012-2310 | Cross-Site Scripting vulnerability in Oleg Kovalchuk Cctags Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2012-06-27 | CVE-2012-2703 | Cross-Site Scripting vulnerability in John Franklin Advertisement Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php." | 2.6 |
| 2012-06-27 | CVE-2012-2705 | Improper Input Validation vulnerability in Christopher Mitchell Smart Breadcrumb The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter. | 2.1 |
| 2012-06-27 | CVE-2012-2708 | Cross-Site Scripting vulnerability in Antoine Beaupre Hostmaster Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log. | 2.1 |
| 2012-06-27 | CVE-2012-2710 | Cross-Site Scripting vulnerability in John Albin ZEN 6.X1.0/6.X1.0Beta1/6.X1.X Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. | 2.6 |