Vulnerabilities > Drupal > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-10-31 | CVE-2012-4494 | Permissions, Privileges, and Access Controls vulnerability in Niif Shibb Auth 7.X4.0 | The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to bypass intended access restrictions and possibly have other impacts by logging in. | 4.3 |
2012-10-31 | CVE-2012-4491 | Permissions, Privileges, and Access Controls vulnerability in Earl Dunovant Monthly Archive BY Node Type 6.X1.0/6.X2.0/6.X3.0 | The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors. | 5.8 |
2012-10-31 | CVE-2012-4490 | Cross-Site Scripting vulnerability in Ricky Morse Excluded Users 6.X1.0 | Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or (2) email address. | 4.3 |
2012-10-31 | CVE-2012-4489 | Improper Input Validation vulnerability in Mark Burdett Securelogin | Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter. | 5.8 |
2012-10-31 | CVE-2012-4488 | Permissions, Privileges, and Access Controls vulnerability in Location Module Project Location | The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page. | 5.0 |
2012-10-31 | CVE-2012-4485 | Cross-Site Scripting vulnerability in Manuel Garcia Galleryformatter | Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view function in galleryformatter.tpl.php in the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create a node or entity to inject arbitrary web script or HTML via the (1) title or (2) alt parameter. | 4.3 |
2012-10-31 | CVE-2012-4484 | Cross-Site Scripting vulnerability in Trexart Campaignmonitor | Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-10-31 | CVE-2012-4483 | Permissions, Privileges, and Access Controls vulnerability in Acquia Commons | The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing. | 5.0 |
2012-10-31 | CVE-2012-4482 | Improper Input Validation vulnerability in Longwaveconsulting Ubercart Securetrading Payment Method Module 6.X1.0 | The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors. | 5.0 |
2012-10-07 | CVE-2010-5277 | Unspecified vulnerability in Karim Ratib Views Bulk Operations | Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users (user 0) via unspecified vectors. | 4.9 |