Vulnerabilities > Drupal > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-12-01 | CVE-2009-4119 | Cross-Site Scripting vulnerability in Alex Barth Feed Element Mapper Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-11-24 | CVE-2009-4066 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists. | 6.8 |
| 2009-11-24 | CVE-2009-4065 | Cross-Site Scripting vulnerability in Jeff Miccolis Strongarm Module 6.X1.0Beta1/6.X1.0Beta2/6.X1.0Beta3 Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables. | 4.3 |
| 2009-11-24 | CVE-2009-4064 | Cross-Site Scripting vulnerability in Puntolatinoclub Gallery Assist Module 6.X1.5/6.X1.6Beta1/6.X1.6Dev Cross-site scripting (XSS) vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via node titles. | 4.3 |
| 2009-11-24 | CVE-2009-4063 | Cross-Site Scripting vulnerability in Ezra Barnett Gildesgame OG Subgroups Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles. | 4.3 |
| 2009-11-24 | CVE-2009-4062 | Cross-Site Scripting vulnerability in Anon-Design Printfriendly Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-11-24 | CVE-2009-4061 | Cross-Site Scripting vulnerability in Yuriy Babenko Agreement Module 6.X1.0/6.X1.1/6.X1.Xdev Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-11-20 | CVE-2009-4043 | Cross-Site Scripting vulnerability in Patrick Przybilla Addtoany Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title. | 4.3 |
| 2009-11-20 | CVE-2009-4042 | Cross-Site Scripting vulnerability in Marek Sotak Rootcandy Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
| 2009-11-09 | CVE-2009-3922 | Cross-Site Request Forgery (CSRF) vulnerability in Chad Phillips Userprotect Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certain type of administrative-bypass rule. | 6.8 |