Vulnerabilities > Drupal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-10-08 | CVE-2014-7979 | Cross-Site Scripting vulnerability in Drupal Simplecorp 7.X1.0 Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. | 3.5 |
| 2014-10-08 | CVE-2014-7980 | Cross-Site Scripting vulnerability in Drupal ZEN Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings. | 3.5 |
| 2014-10-06 | CVE-2014-7869 | Cross-Site Scripting vulnerability in Drupal Context Form Alteration Module 7.X1.0/7.X1.1 Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer contexts" permission to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2014-10-06 | CVE-2014-7870 | Cross-Site Scripting vulnerability in Drupal Custom Search Module Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via the "Label text" field to admin/config/search/custom_search/results. | 3.5 |
| 2014-07-22 | CVE-2014-5021 | Cross-Site Scripting vulnerability in Drupal Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label. | 2.1 |
| 2014-05-20 | CVE-2013-4380 | Cross-Site Scripting vulnerability in Mediafront Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary web script or HTML via the preset settings. | 2.1 |
| 2014-05-17 | CVE-2013-4498 | Permissions, Privileges, and Access Controls vulnerability in Florian Weber Spaces The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content. | 2.1 |
| 2014-05-13 | CVE-2013-4504 | Permissions, Privileges, and Access Controls vulnerability in Monster Menus Module Project Monster Menus The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. | 2.6 |
| 2014-01-31 | CVE-2013-4383 | Cross-Site Scripting vulnerability in Dennis Bruecke Jquery Countdown 7.X1.0 Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2014-01-19 | CVE-2013-0244 | Cross-Site Scripting vulnerability in Drupal Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements. | 2.6 |