Vulnerabilities > Drupal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-11-30 | CVE-2012-4469 | Cross-Site Scripting vulnerability in Simon Rycroft Hashcash Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators use the Database logging module. | 2.6 |
| 2012-11-30 | CVE-2012-4473 | Permissions, Privileges, and Access Controls vulnerability in Christian Johansson Restrict Node Page View 7.X1.0/7.X1.1 The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished nodes via a direct request. | 3.5 |
| 2012-11-02 | CVE-2012-4493 | Cross-Site Scripting vulnerability in ROY Baxter Better Revisions 7.X1.0/7.X1.X Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2012-11-02 | CVE-2012-4497 | Cross-Site Scripting vulnerability in Devsaran Elegant Theme 7.X1.X Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL. | 2.1 |
| 2012-11-01 | CVE-2012-5704 | Resource Management Errors vulnerability in Justin Dodge Hotblocks The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself. | 3.5 |
| 2012-11-01 | CVE-2012-5705 | Cross-Site Scripting vulnerability in Justin Dodge Hotblocks Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names." | 2.1 |
| 2012-10-31 | CVE-2012-4492 | Cross-Site Scripting vulnerability in Isaac Sukin Shorten Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the (1) report or (2) Custom Services List page. | 2.1 |
| 2012-10-31 | CVE-2012-4496 | Cross-Site Scripting vulnerability in Inclind Custom PUB Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter. | 2.1 |
| 2012-10-31 | CVE-2012-4500 | Permissions, Privileges, and Access Controls vulnerability in Nancy Wichmann Announcements The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact. | 3.5 |
| 2012-10-06 | CVE-2012-1624 | Cross-Site Scripting vulnerability in Lingotek Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content. | 3.5 |