Vulnerabilities > Drupal > Low

DATE CVE VULNERABILITY TITLE RISK
2013-07-16 CVE-2013-0245 Permissions, Privileges, and Access Controls vulnerability in Drupal
The printer-friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to nodes that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors.
network
high complexity
drupal CWE-264
2.1
2013-06-25 CVE-2013-1971 Cross-Site Scripting vulnerability in Jordan DE Laune MP3 Player 6.X1.0/6.X1.1
Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of an MP3 file.
network
high complexity
jordan-de-laune drupal CWE-79
2.1
2013-06-20 CVE-2013-1393 Cross-Site Scripting vulnerability in Curvycorners 6.X1.0/7.X1.0
Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
curvycorners drupal CWE-79
2.1
2013-03-27 CVE-2013-1887 Cross-Site Scripting vulnerability in Views Project Views
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.
network
high complexity
views-project drupal CWE-79
2.1
2013-03-27 CVE-2013-0181 Cross-Site Scripting vulnerability in Thomas Seidl Search API
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.
network
high complexity
thomas-seidl drupal CWE-79
2.6
2013-03-27 CVE-2013-0259 Cross-Site Scripting vulnerability in Boxes Project Boxes 7.X1.0/7.X1.X
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.
network
high complexity
boxes-project drupal CWE-79
2.1
2013-03-27 CVE-2013-0260 Unspecified vulnerability in Elliot Pahl Drush Debian Packaging
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.
local
low complexity
elliot-pahl drupal
2.1
2013-03-27 CVE-2013-0324 Cross-Site Scripting vulnerability in Tomasbarej Menu Reference 7.X1.X
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title.
network
high complexity
tomasbarej drupal CWE-79
2.1
2013-03-27 CVE-2013-1778 Cross-Site Scripting vulnerability in Devsaran Creative 7.X1.0/7.X1.1
Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.
network
high complexity
devsaran drupal CWE-79
2.1
2013-03-27 CVE-2013-1779 Cross-Site Scripting vulnerability in Devsaran Fresh
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
devsaran drupal CWE-79
2.1