Vulnerabilities > Drupal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-10-13 | CVE-2014-8743 | Cross-Site Scripting vulnerability in Drupal Maestro Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name. | 3.5 |
| 2014-10-13 | CVE-2014-8744 | Cross-Site Scripting vulnerability in Drupal Nivo Slider Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title. | 3.5 |
| 2014-10-13 | CVE-2014-8745 | Cross-Site Scripting vulnerability in Drupal Custom Search Module Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label. | 3.5 |
| 2014-10-13 | CVE-2014-8746 | Cross-Site Scripting vulnerability in Drupal Skeleton Theme 7.X1.2/7.X1.3 Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. | 3.5 |
| 2014-10-13 | CVE-2014-8748 | Cross-Site Scripting vulnerability in Drupal Doubleclick FOR Publishers 7.X1.0/7.X1.1 Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name. | 3.5 |
| 2014-10-09 | CVE-2014-8075 | Cross-Site Scripting vulnerability in Drupal Tribune 6.X1.13/6.X1.2/7.X3.0 Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title. | 3.5 |
| 2014-10-09 | CVE-2014-8076 | Cross-Site Scripting vulnerability in Drupal Professional Theme Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information. | 3.5 |
| 2014-10-09 | CVE-2014-8077 | Cross-Site Scripting vulnerability in Drupal Newsflash Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property. | 3.5 |
| 2014-10-09 | CVE-2014-8078 | Cross-Site Scripting vulnerability in Drupal Print Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes. | 3.5 |
| 2014-10-08 | CVE-2014-7978 | Cross-Site Scripting vulnerability in Drupal Bluemasters 7.X2.0 Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. | 3.5 |