Vulnerabilities > Drupal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-10-01 | CVE-2012-5233 | Cross-Site Scripting vulnerability in Luke Herrington Stickynote 7.X1.0/7.X1.X Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs. | 2.1 |
| 2012-10-01 | CVE-2012-1639 | Cross-Site Scripting vulnerability in Commerceguys Commerce 7.X1.0/7.X1.1/7.X1.X Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters. | 3.5 |
| 2012-10-01 | CVE-2012-1588 | Resource Management Errors vulnerability in Drupal Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address. | 3.5 |
| 2012-09-20 | CVE-2011-5187 | Cross-Site Scripting vulnerability in Tag1Consulting Support Cross-site scripting (XSS) vulnerability in the Support Ticketing System module 6.x-1.x before 6.x-1.7 for Drupal allows remote authenticated users with the "administer support projects" permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2012-09-20 | CVE-2011-5188 | Cross-Site Scripting vulnerability in Tag1Consulting Support Timer Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2012-09-20 | CVE-2011-5189 | Cross-Site Scripting vulnerability in Svendecabooter Webform Validation Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2012-09-20 | CVE-2012-1628 | Cross-Site Scripting vulnerability in 63Reasons Supercron Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2012-09-20 | CVE-2012-1629 | Cross-Site Scripting vulnerability in Dmitry Loac Taxotouch Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2012-09-20 | CVE-2012-1630 | Cross-Site Scripting vulnerability in Nestor Mata Cuthbert Taxonomy Navigator Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
| 2012-09-20 | CVE-2012-1627 | Cross-Site Scripting vulnerability in Marvil07 Vote UP Down Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms. | 3.5 |