Vulnerabilities > Drupal > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-03-19 | CVE-2013-0227 | Cross-Site Scripting vulnerability in Mathijs Koenraadt Search API Sorts: Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels. | 2.1 |
2012-12-26 | CVE-2012-5585 | Cross-Site Scripting vulnerability in Mixpanel Project Mixpanel 6.x-1.0/6.x-1.x: Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Mixpanel token. | 2.1 |
2012-12-26 | CVE-2012-5586 | Permissions, Privileges, and Access Controls vulnerability in Marc Ingram Services: The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource." | 2.1 |
2012-12-26 | CVE-2012-5588 | Permissions, Privileges, and Access Controls vulnerability in Epiqo Email: The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors. | 2.6 |
2012-12-26 | CVE-2012-5589 | Information Exposure vulnerability in Netgenius Multilink: The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link. | 3.5 |
2012-12-03 | CVE-2012-5538 | Cross-Site Scripting vulnerability in Nathan Haug Filefield Sources: Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. | 2.1 |
2012-12-03 | CVE-2012-5539 | Permissions, Privileges, and Access Controls vulnerability in Organic Groups Project Organic Groups: The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved. | 3.5 |
2012-12-03 | CVE-2012-5545 | Cross-Site Scripting vulnerability in Rob Loach Sharethis: Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the "administer sharethis" permission to inject arbitrary web script or HTML via unspecified vectors related to "JavaScript settings." | 2.1 |
2012-12-03 | CVE-2012-5553 | Cross-Site Scripting vulnerability in Daniel Honrade OM Maximenu: Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the (1) Menu Title, (2) Link Title, (3) Path Query, (4) Anchor, or (5) vocabulary names. | 2.1 |
2012-12-03 | CVE-2012-5557 | Permissions, Privileges, and Access Controls vulnerability in User Read-Only Project User Readonly: The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password. | 3.6 |