Vulnerabilities > Drupal > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-06-27 | CVE-2012-2711 | **Cross-Site Scripting vulnerability in Nancy Wichmann Taxonomy List:** Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. | 2.1 |
2012-06-27 | CVE-2012-2712 | **Cross-Site Scripting vulnerability in Thomas Seidl Search API 7.X1.0/7.X1.X:** Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors. | 2.6 |
2012-06-27 | CVE-2012-2723 | **Cross-Site Scripting vulnerability in Blaine Lang Maestro 7.X1.0/7.X1.1/7.X1.X:** Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
2012-06-27 | CVE-2012-2725 | **Permissions, Privileges, and Access Controls vulnerability in Authoring HTML 6.X-1.0:** classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks. | 3.5 |
2012-06-27 | CVE-2012-2726 | **Cross-Site Scripting vulnerability in Alberto Trujillo Gonzalez Protest:** Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter. | 2.1 |
2012-06-27 | CVE-2012-2731 | **Information Exposure vulnerability in Richardo Ante Ubercart Ajax Cart 6.X2.0:** The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage. | 2.6 |
2012-06-27 | CVE-2012-3800 | **Cross-Site Scripting vulnerability in Moshe Weitzman Organic Groups:** Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the group title. | 2.1 |
2012-05-21 | CVE-2012-2340 | **Permissions, Privileges, and Access Controls vulnerability in Geoff Davies Contact Forms 7.X1.1/7.X1.X:** The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors. | 3.5 |
2012-05-21 | CVE-2012-2907 | **Cross-Site Scripting vulnerability in Ishmael Sanchez Aberdeen 6.X1.10/6.X1.8/6.X1.9:** Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. | 2.6 |
2012-02-14 | CVE-2012-1060 | **Cross-Site Scripting vulnerability in Rik de Boer Revisioning 6.X3.13:** Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters. | 2.1 |