Vulnerabilities > Drupal > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-11-09 | CVE-2009-3921 | Permissions, Privileges, and Access Controls vulnerability in Ezra Barnett Gildesgame Smartqueue OG The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages. | 4.0 |
| 2009-11-09 | CVE-2009-3920 | Permissions, Privileges, and Access Controls vulnerability in Sean Robertson Crmngp An administration page in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors. | 5.0 |
| 2009-11-09 | CVE-2009-3919 | Cross-Site Scripting vulnerability in Sean Robertson Crmngp Cross-site scripting (XSS) vulnerability in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information." | 4.3 |
| 2009-11-09 | CVE-2009-3918 | Cross-Site Scripting vulnerability in Karim Ratib Zoomify Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title. | 4.3 |
| 2009-11-09 | CVE-2009-3917 | Cross-Site Scripting vulnerability in Greg Knaddison S5 6.X1.0/6.X1.Xdev Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element. | 4.3 |
| 2009-11-09 | CVE-2009-3916 | Cross-Site Scripting vulnerability in Ronan Dowling Nodehierarchy Cross-site scripting (XSS) vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title. | 4.3 |
| 2009-11-09 | CVE-2009-3915 | Cross-Site Scripting vulnerability in John C Fiala Link Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field. | 4.3 |
| 2009-11-09 | CVE-2009-3914 | Cross-Site Scripting vulnerability in Wolfgang Ziegler Temporary Invitation Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation. | 4.3 |
| 2009-10-26 | CVE-2009-3786 | Cross-Site Scripting vulnerability in Moshe Weitzman OG Vocab 5.X1.0/5.X1.Xdev Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. | 4.3 |
| 2009-10-26 | CVE-2009-3785 | Cross-Site Request Forgery (CSRF) vulnerability in Sjoerd Arendsen Simplenews Statistics Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. | 6.8 |