Vulnerabilities > Drupal > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-09-17 | CVE-2012-2059 | Cross-Site Scripting vulnerability in Steve Lockwood Ticketyboo News Ticker | Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-09-17 | CVE-2012-2058 | Permissions, Privileges, and Access Controls vulnerability in Paypal Ubercart Payflow | The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors. | 5.0 |
2012-09-17 | CVE-2012-2057 | Cross-Site Request Forgery (CSRF) vulnerability in Miura Ubercart Bulk Stock Updater | Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors related to formAPI. | 6.8 |
2012-09-17 | CVE-2012-2056 | Cross-Site Request Forgery (CSRF) vulnerability in Nathan Brink Content Lock | Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2012-09-09 | CVE-2012-1649 | Permissions, Privileges, and Access Controls vulnerability in Danielb Cool AID | Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors. | 4.9 |
2012-09-06 | CVE-2012-2069 | Cross-Site Request Forgery (CSRF) vulnerability in Mclewin Wishlist | Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters. | 6.8 |
2012-09-05 | CVE-2012-2067 | Remote Security vulnerability in Fckeditor | Unspecified vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. | 6.8 |
2012-09-05 | CVE-2012-2066 | Cross-Site Scripting vulnerability in Ckeditor and Fckeditor | Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-09-05 | CVE-2012-2064 | Cross-Site Scripting vulnerability in Mark Theunissen Views Lang Switch 7.x-1.0/7.x-1.1/7.x-1.x | Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2012-09-05 | CVE-2012-2063 | Permissions, Privileges, and Access Controls vulnerability in Brian Altenhofel Slidebox | The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |