Vulnerabilities > Drupal > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-25 | CVE-2013-2177 | Cross-Site Scripting vulnerability in Kristof DE Jaeger Display Suite Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label. | 4.3 |
| 2013-06-25 | CVE-2012-6573 | Cross-Site Scripting vulnerability in Alejandro Garza Apachesolr Autocomplete Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results. | 4.3 |
| 2013-06-24 | CVE-2013-2129 | Cross-Site Scripting vulnerability in Nathan Haug Webform Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label. | 4.3 |
| 2013-06-24 | CVE-2013-2036 | Cross-Site Scripting vulnerability in Yoran Brault Filebrowser Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "lists of files." | 4.3 |
| 2013-06-24 | CVE-2013-1972 | Cross-Site Scripting vulnerability in Alexey Sukhotin Elfinder Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors. | 4.3 |
| 2013-06-24 | CVE-2013-1906 | Cross-Site Scripting vulnerability in Wolfgang Ziegler Rules Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "administer rules" permission to inject arbitrary web script or HTML via a rule tag. | 4.3 |
| 2013-06-21 | CVE-2012-6572 | Cross-Site Scripting vulnerability in Kong Inf08 Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name. | 4.3 |
| 2013-06-20 | CVE-2013-1905 | Cross-Site Scripting vulnerability in Catalin Florian Radut Zeropoint Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-03-27 | CVE-2013-1859 | Permissions, Privileges, and Access Controls vulnerability in Chris Desautels Node Parameter Control 6.X1.0 The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors. | 6.4 |
| 2013-03-27 | CVE-2013-0325 | Cross-Site Scripting vulnerability in Varnish Http Accelerator Integration Project Varnish Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting. | 4.3 |