Vulnerabilities > Drupal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-06-01 | CVE-2009-1844 | Cross-Site Scripting vulnerability in Drupal Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the "HTML exports of books" feature; and (2) allow remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via the help text of an arbitrary vocabulary. | 3.5 |
| 2009-05-29 | CVE-2009-1823 | Cross-Site Scripting vulnerability in Drupal Print Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head, before the Content-Type META element, to contain crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, a related issue to CVE-2009-1575. | 2.6 |
| 2009-05-20 | CVE-2009-1738 | Cross-Site Scripting vulnerability in Ivanjaros Feed Block 6.X1.0/6.X1.X Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items." | 3.5 |
| 2009-03-05 | CVE-2009-0818 | Cross-Site Scripting vulnerability in Drupal Taxonomy Theme Module Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. | 3.5 |
| 2009-02-20 | CVE-2008-6229 | Cross-Site Scripting vulnerability in Drupal Content Construction KIT Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names. | 3.5 |
| 2009-02-19 | CVE-2008-6170 | Cross-Site Scripting vulnerability in Drupal Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title. | 3.5 |
| 2009-02-16 | CVE-2009-0603 | Cross-Site Scripting vulnerability in Drupal Link Module 5.X2.5 Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). | 3.5 |
| 2009-01-28 | CVE-2008-5996 | Cross-Site Scripting vulnerability in Link3 Simplenews Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field. | 3.5 |
| 2009-01-28 | CVE-2008-5999 | Cross-Site Scripting vulnerability in Drupal Ajax Checklist 5.X1.0 Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter. | 3.5 |
| 2008-10-09 | CVE-2008-4530 | Cross-Site Scripting vulnerability in Drupal Brilliant Gallery Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers. | 3.5 |