Vulnerabilities > Drupal > Medium

DATE CVE VULNERABILITY TITLE RISK
2012-08-14 CVE-2012-2155 Cross-Site Request Forgery (CSRF) vulnerability in Kyle Browning Cdn2 Video 6.X1.X
Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
6.8
2012-08-14 CVE-2012-2154 Cross-Site Scripting vulnerability in Kyle Browning Cdn2 Video 6.X1.X
Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2012-08-14 CVE-2012-2081 Permissions, Privileges, and Access Controls vulnerability in Moshe Weitzman Organic Groups
The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module.
network, low complexity, moshe-weitzman, drupal, CWE-264
5.0
2012-08-14 CVE-2012-2080 Cross-Site Request Forgery (CSRF) vulnerability in Node Limit Number Project Node Limitnumber
Cross-site request forgery (CSRF) vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitnumber permission for requests that delete limits.
6.8
2012-08-14 CVE-2012-2077 Cross-Site Request Forgery (CSRF) vulnerability in Rob Loach Sharethis 7.X2.0/7.X2.1/7.X2.2
Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors "outside of the Form API."
network, high complexity, rob-loach, drupal, CWE-352
5.1
2012-08-14 CVE-2012-2074 Information Disclosure vulnerability in Drupal Ubercart Views Module
Unspecified vulnerability in certain default views in the Ubercart Views module 6.x before 6.x-3.2 for Drupal allows remote attackers to obtain sensitive information via unknown attack vectors.
network, low complexity, ubercart-views-project, drupal
5.0
2012-08-14 CVE-2012-2073 Permissions, Privileges, and Access Controls vulnerability in Kristof De Jaeger Bundle Copy 7.X1.0/7.X1.X
The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.
6.0
2012-08-14 CVE-2012-2304 Permissions, Privileges, and Access Controls vulnerability in Emil Stjerneman Linkit
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.
4.3
2012-08-14 CVE-2012-2298 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
4.3
2012-08-14 CVE-2012-2097 Cross-Site Request Forgery (CSRF) vulnerability in Larry Garfield Autosave
Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests involving "submitting saved results to a node."
6.8