Vulnerabilities > Drupal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-03-27 | CVE-2013-1780 | Cross-Site Scripting vulnerability in Devsaran Best Responsive 7.X1.0 Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. | 2.1 |
| 2013-03-27 | CVE-2013-1781 | Cross-Site Scripting vulnerability in Devsaran Professional Theme Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2013-03-27 | CVE-2013-1782 | Cross-Site Scripting vulnerability in Devsaran Responsive Blog Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. | 2.1 |
| 2013-03-27 | CVE-2013-1783 | Cross-Site Scripting vulnerability in Devsaran Business Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2013-03-27 | CVE-2013-1784 | Cross-Site Scripting vulnerability in Devsaran Clean Theme 7.X1.0/7.X1.1/7.X1.2 Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2013-03-27 | CVE-2013-1785 | Cross-Site Scripting vulnerability in Devsaran Responsive Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2013-03-27 | CVE-2013-1786 | Cross-Site Scripting vulnerability in Devsaran Company Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2013-03-27 | CVE-2013-1787 | Cross-Site Scripting vulnerability in Devsaran Corporate Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2013-03-27 | CVE-2013-2715 | Cross-Site Scripting vulnerability in Thomas Seidl Search API Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name. | 2.1 |
| 2013-03-19 | CVE-2013-0225 | Cross-Site Scripting vulnerability in User Relationships Project User Relationships Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name. | 2.1 |