Vulnerabilities > Drupal > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-08-21 | CVE-2013-4230 | Permissions, Privileges, and Access Controls vulnerability in Monster Menus Module Project Monster Menus | The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors. | 6.0 |
2013-08-19 | CVE-2013-4174 | Cross-Site Scripting vulnerability in OWS Scald 7.X1.0 | Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module. | 4.3 |
2013-07-16 | CVE-2013-2122 | Permissions, Privileges, and Access Controls vulnerability in Quade Edit Limit | The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors. | 5.0 |
2013-07-16 | CVE-2013-1908 | Permissions, Privileges, and Access Controls vulnerability in multiple products | The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | 5.0 |
2013-07-16 | CVE-2013-1907 | Permissions, Privileges, and Access Controls vulnerability in Acquia Commons and Commons Group | The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | 5.0 |
2013-07-16 | CVE-2013-0246 | Permissions, Privileges, and Access Controls vulnerability in Drupal | The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors. | 4.3 |
2013-07-01 | CVE-2013-2158 | Cross-Site Request Forgery (CSRF) vulnerability in Services Project Services | Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2013-06-27 | CVE-2012-6576 | Cross-Site Scripting vulnerability in Antti Alamki PRH Search 7.X1.0/7.X1.X | Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-06-27 | CVE-2012-6575 | Cross-Site Scripting vulnerability in Mobile4Social Exposed Filter Data 6.X1.0/6.X1.1/6.X1.X | Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-06-27 | CVE-2012-6574 | Cross-Site Scripting vulnerability in Soprano Fonecta Verify | Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |