Vulnerabilities > Drupal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-01-21 | CVE-2010-0370 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title). | 3.5 |
| 2010-01-04 | CVE-2009-4557 | Cross-Site Scripting vulnerability in Unleashedmind IMG Assist Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, to inject arbitrary web script or HTML via a node title. | 2.1 |
| 2010-01-04 | CVE-2009-4559 | Cross-Site Scripting vulnerability in Nanwich Submitted BY Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via an input string for "submitted by" text. | 3.5 |
| 2009-12-31 | CVE-2009-4513 | Cross-Site Scripting vulnerability in John Vandyk Workflow Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state. | 3.5 |
| 2009-12-31 | CVE-2009-4514 | Cross-Site Scripting vulnerability in Astha Bhatnagar Shindigintegrator 5/6.X1.Xdev/6.X2.0Alpha1 Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2009-12-31 | CVE-2009-4532 | Cross-Site Scripting vulnerability in Nathan Haug Webform Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label. | 3.5 |
| 2009-12-28 | CVE-2009-4429 | Cross-Site Scripting vulnerability in Alexander Hass Sections Module Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field). | 3.5 |
| 2009-12-21 | CVE-2009-4369 | Cross-Site Scripting vulnerability in Drupal Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name. | 3.5 |
| 2009-12-21 | CVE-2009-4370 | Cross-Site Scripting vulnerability in Drupal Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview. | 3.5 |
| 2009-12-21 | CVE-2009-4371 | Cross-Site Scripting vulnerability in Drupal 6.14/6.15 Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form. | 3.5 |