Vulnerabilities > Drupal > Low

DATE | CVE | VULNERABILITY TITLE | RISK

2013-12-24 | CVE-2013-6387 | Cross-Site Scripting vulnerability in Drupal | 2.1
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field.
network | high complexity | drupal | CWE-79

2013-10-28 | CVE-2012-0827 | Permissions, Privileges, and Access Controls vulnerability in Drupal | 3.5
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.
network | drupal | CWE-264

2013-09-30 | CVE-2013-5964 | Cross-Site Scripting vulnerability in Joachim Noreiko Flag Module 7.X3.0 | 2.1
Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title.
network | high complexity | joachim-noreiko drupal | CWE-79

2013-08-28 | CVE-2013-4138 | Cross-Site Scripting vulnerability in Alienwp Hatch | 2.1
Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors.
network | high complexity | alienwp drupal | CWE-79

2013-08-28 | CVE-2013-4274 | Cross-Site Scripting vulnerability in Erikwebb Password Policy | 2.1
Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page.
network | high complexity | erikwebb drupal | CWE-79

2013-08-23 | CVE-2012-6583 | Cross-Site Scripting vulnerability in Imagemenu Project Imagemenu | 2.1
Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name.
network | high complexity | imagemenu-project drupal | CWE-79

2013-08-21 | CVE-2013-4229 | Cross-Site Scripting vulnerability in Monster Menus Module Project Monster Menus | 2.1
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.
network | high complexity | monster-menus-module-project drupal | CWE-79

2013-08-20 | CVE-2012-6582 | Cross-Site Scripting vulnerability in Spambot Module Project Spambot | 2.6
Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the watchdog.
network | high complexity | spambot-module-project drupal | CWE-79

2013-08-19 | CVE-2013-5315 | Cross-Site Scripting vulnerability in OWS Scald 6.X1.0/6.X1.X/7.X1.0 | 2.6
Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than CVE-2013-4174.
network | high complexity | ows drupal | CWE-79

2013-07-29 | CVE-2013-4140 | Cross-Site Scripting vulnerability in Drupalisme Tinybox | 2.1
Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.
network | high complexity | drupalisme drupal | CWE-79