Vulnerabilities > Drupal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-05 | CVE-2007-5228 | Cross-Site Scripting vulnerability in Drupal Project Issue Tracking Cross-site scripting (XSS) vulnerability in the subscription functionality in the Project issue tracking module before 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors involving a (1) individual or (2) overview form. | 3.5 |
| 2007-07-17 | CVE-2007-3818 | Cross-Site Scripting vulnerability in Logintoboggan Module Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block." network drupal | 3.5 |
| 2007-03-09 | CVE-2007-1368 | Unspecified vulnerability in Drupal Project Issue Tracking The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier. network drupal | 3.5 |
| 2007-01-09 | CVE-2007-0124 | Denial of Service vulnerability in Drupal Page Caching Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist. network drupal | 3.5 |
| 2006-10-24 | CVE-2006-5477 | Cross-Site Scripting vulnerability in Drupal Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. | 2.6 |
| 2006-08-27 | CVE-2006-4355 | Cross-Site Scripting vulnerability in Drupal Easylinks Module Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
| 2006-08-27 | CVE-2006-4360 | Cross-Site Scripting vulnerability in Drupal E-Commerce Module 4.7 Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors. network drupal | 3.5 |
| 2006-06-06 | CVE-2006-2832 | Input Validation vulnerability in Drupal Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename. | 2.6 |
| 2006-06-06 | CVE-2006-2833 | Input Validation vulnerability in Drupal 4.6.8/4.7.2 Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable. | 2.6 |