Vulnerabilities > Drupal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-12-29 | CVE-2011-5030 | Cross-Site Scripting vulnerability in Valthbald Meta Tags Quick 7.X2.1/7.X2.2 Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names of entity bundles." | 3.5 |
| 2011-11-28 | CVE-2011-4560 | Cross-Site Scripting vulnerability in Drupal Petition Node Module Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition. | 3.5 |
| 2011-07-08 | CVE-2010-4813 | Cross-Site Scripting vulnerability in Category Tokens Project Category Tokens 6.X1.0 Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help. | 3.5 |
| 2011-02-23 | CVE-2011-1066 | Cross-Site Scripting vulnerability in Reyero Messaging Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
| 2010-09-21 | CVE-2010-3093 | Permissions, Privileges, and Access Controls vulnerability in Drupal The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue. | 3.5 |
| 2010-09-21 | CVE-2010-3094 | Cross-Site Scripting vulnerability in Drupal Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module. | 2.1 |
| 2010-08-16 | CVE-2010-3022 | Cross-Site Scripting vulnerability in Drupal Devel Module Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL. | 2.6 |
| 2010-07-13 | CVE-2010-2724 | Cross-Site Scripting vulnerability in Wimleers Hierarchical Select Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form. | 2.1 |
| 2010-06-21 | CVE-2010-1958 | Cross-Site Scripting vulnerability in Quicksketch Filefield Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter). | 2.1 |
| 2010-06-07 | CVE-2010-2158 | Cross-Site Scripting vulnerability in Speedtech Storm Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. | 2.1 |