Vulnerabilities > Drupal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-10-26 | CVE-2009-3782 | Information Exposure vulnerability in 2Bits Userpoints 6.X1.0/6.X1.Xdev Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors. | 3.5 |
| 2009-10-09 | CVE-2009-3648 | Cross-Site Scripting vulnerability in Apsivam Service Links 6.X1.0 Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names. | 3.5 |
| 2009-10-09 | CVE-2009-3652 | Cross-Site Scripting vulnerability in Moshe Weitzman Organic Groups Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095. | 3.5 |
| 2009-10-09 | CVE-2009-3653 | Cross-Site Scripting vulnerability in Darren OH XML Sitemap 5.X1.6 Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output. | 3.5 |
| 2009-09-30 | CVE-2009-3488 | Cross-Site Scripting vulnerability in RON Jerome Bibliography 6.X1.6 Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479. | 2.1 |
| 2009-09-16 | CVE-2009-3206 | Cross-Site Scripting vulnerability in Drewish Imagecache Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2009-09-16 | CVE-2009-3210 | Cross-Site Scripting vulnerability in Joao Ventura Print Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2009-08-13 | CVE-2008-6972 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings. | 3.5 |
| 2009-07-27 | CVE-2009-2610 | Cross-Site Scripting vulnerability in Scott Courtney Links Package Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field. | 3.5 |
| 2009-06-05 | CVE-2009-1942 | Cross-Site Scripting vulnerability in Drupal Quiz Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |