Vulnerabilities > Drupal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-06-01 | CVE-2010-2123 | Cross-Site Scripting vulnerability in Speedtech Storm Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. | 2.1 |
| 2010-06-01 | CVE-2010-2125 | Cross-Site Scripting vulnerability in Systemseed Rotor Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute. | 2.1 |
| 2010-05-25 | CVE-2010-2048 | Cross-Site Scripting vulnerability in Menhir Heartbeat Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2010-05-20 | CVE-2010-1998 | Cross-Site Scripting vulnerability in Kevinhankens Tablefield 6.X1.0/6.X1.1 Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers. | 2.1 |
| 2010-05-20 | CVE-2010-2000 | Cross-Site Scripting vulnerability in RON Jerome Bibliography Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358. | 2.1 |
| 2010-05-20 | CVE-2010-2001 | Cross-Site Scripting vulnerability in Ninjitsuweb Civiregister 6.X1.0 Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. | 2.6 |
| 2010-05-20 | CVE-2010-2002 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list. | 2.1 |
| 2010-05-19 | CVE-2010-1984 | Cross-Site Scripting vulnerability in Michael Nichols Taxonomy Breadcrumb Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display. | 2.1 |
| 2010-05-19 | CVE-2010-1976 | Cross-Site Scripting vulnerability in Michael Nichols Taxonomy Breadcrumb 6.X0.1/6.X1.0/6.X1.X Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display. | 2.1 |
| 2010-05-19 | CVE-2010-1584 | Cross-Site Scripting vulnerability in Steven Jones Context 6.X2.0 Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description. | 2.1 |