Vulnerabilities > Drupal > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-03-27 | CVE-2013-0323 | Cross-Site Scripting vulnerability in Display Suite Project DS Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field. | 4.3 |
| 2013-03-27 | CVE-2013-0322 | Cross-Site Scripting vulnerability in Ubercart Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. | 4.3 |
| 2013-03-27 | CVE-2013-0321 | Cross-Site Scripting vulnerability in Ubercart Views Project UC Views Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. | 4.3 |
| 2013-03-27 | CVE-2013-0320 | Cross-Site Request Forgery (CSRF) vulnerability in Mattias Hutterer Taxonomy Manager Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors. | 5.1 |
| 2013-03-27 | CVE-2013-0319 | Cross-Site Scripting vulnerability in Yandex.Metrics Project Yandex Metrics Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data. | 4.3 |
| 2013-03-27 | CVE-2013-0317 | Cross-Site Scripting vulnerability in JOE Haskins OG Manager Change 7.X2.0/7.X2.X Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field. | 4.3 |
| 2013-03-27 | CVE-2013-0316 | Resource Management Errors vulnerability in Drupal The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests. | 5.0 |
| 2013-03-27 | CVE-2013-0258 | Improper Authentication vulnerability in Google Authenticator Login Project GA Login 7.X1.0/7.X1.1/7.X1.2 The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username. | 6.8 |
| 2013-03-27 | CVE-2013-0257 | Permissions, Privileges, and Access Controls vulnerability in David Alkire Email2Image 6.X1.X/6.X2.X The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields. | 5.0 |
| 2013-03-27 | CVE-2013-0182 | Permissions, Privileges, and Access Controls vulnerability in Bart Feenstra Payment The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments. | 5.0 |