Vulnerabilities > Drupal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-09-24 | CVE-2008-4152 | Cross-Site Scripting vulnerability in Drupal Talk Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title. | 3.5 |
| 2008-08-27 | CVE-2008-3741 | Cross-Site Scripting vulnerability in Drupal The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML. | 3.5 |
| 2008-07-09 | CVE-2008-3091 | Cross-Site Scripting vulnerability in Drupal Taxonomy Autotagger Module 5 Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2008-07-09 | CVE-2008-3095 | Cross-Site Scripting vulnerability in Drupal Organic Groups Module 5/6 Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2008-07-09 | CVE-2008-3097 | Cross-Site Scripting vulnerability in Drupal Tinytax Taxonomy Block Module 5 Cross-site scripting (XSS) vulnerability in the Tinytax module (aka Tinytax taxonomy block) 5.x before 5.x-1.10-1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML, probably by creating a crafted taxonomy term. | 3.5 |
| 2008-06-25 | CVE-2008-2849 | Cross-Site Scripting vulnerability in Drupal Trailscout Module 5 Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2008-04-27 | CVE-2008-1978 | Cross-Site Scripting vulnerability in Drupal Ubercart Module Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428. | 3.5 |
| 2008-03-04 | CVE-2008-1131 | Cross-Site Scripting vulnerability in Drupal 6.0 Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms. | 3.5 |
| 2008-01-15 | CVE-2008-0274 | Cross-Site Scripting vulnerability in Drupal 4.7/5.0 Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files. | 2.6 |
| 2007-10-22 | CVE-2007-5621 | Cross-Site Scripting vulnerability in Drupal products Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames. | 3.5 |