Vulnerabilities > Drupal > Low

DATE CVE VULNERABILITY TITLE RISK
2010-04-27 CVE-2009-4829 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
james-glasgow john-vandervort drupal CWE-79
2.1
2.1
2010-04-26 CVE-2010-1536 Cross-Site Scripting vulnerability in Mearra Addthis
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
mearra drupal CWE-79
2.1
2.1
2010-04-26 CVE-2010-1539 Cross-Site Scripting vulnerability in John Vandyk Workflow
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field.
network
high complexity
john-vandyk drupal CWE-79
2.1
2.1
2010-04-26 CVE-2010-1530 Cross-Site Scripting vulnerability in Reyero I18N
Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.
network
high complexity
reyero drupal CWE-79
2.1
2.1
2010-04-13 CVE-2010-1358 Cross-Site Scripting vulnerability in RON Jerome Bibliography
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
ron-jerome drupal CWE-79
2.1
2.1
2010-04-13 CVE-2010-1362 Cross-Site Scripting vulnerability in BEN Jeavons Ownterm 6.X1.0
Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page.
network
high complexity
ben-jeavons drupal CWE-79
2.1
2.1
2010-04-08 CVE-2010-1303 Cross-Site Scripting vulnerability in JIM Berry Taxonomy Filter 6.X1.0/6.X1.Xdev
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.
network
high complexity
jim-berry drupal CWE-79
2.1
2.1
2010-03-25 CVE-2010-1107 Cross-Site Scripting vulnerability in Fourkitchens Recent Comments
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface." 		3.5
3.5
2010-03-25 CVE-2010-1108 Cross-Site Scripting vulnerability in Hashmarkconsulting Controlpanel
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors. 		3.5
3.5
2010-02-23 CVE-2010-0697 Cross-Site Scripting vulnerability in Ilya Ivanchenko Itweak Upload
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file. 		3.5
3.5