Vulnerabilities > Drupal > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-10-26 | CVE-2009-3784 | Cross-Site Request Forgery (CSRF) vulnerability in Sjoerd Arendsen Simplenews Statistics: Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.8 |
2009-10-26 | CVE-2009-3783 | Cross-Site Scripting vulnerability in Sjoerd Arendsen Simplenews Statistics: Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-10-26 | CVE-2009-3780 | Cross-Site Scripting vulnerability in Ashok Modi Abuse 5.X1.0/5.X1.Xdev/5.X2.Xdev: Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-10-26 | CVE-2009-3779 | Cross-Site Scripting vulnerability in Stefan Auditor Vcard: Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content. | 4.3 |
2009-10-09 | CVE-2009-3657 | Improper Authentication vulnerability in TIM Nelson Shared Sign-On 5.X/6.X: Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors. | 5.8 |
2009-10-09 | CVE-2009-3656 | Cross-Site Request Forgery (CSRF) vulnerability in TIM Nelson Shared Sign-On 5.X/6.X: Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. | 6.8 |
2009-10-09 | CVE-2009-3654 | Unspecified vulnerability in 316Solutions Boost: Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors. | 6.4 |
2009-10-09 | CVE-2009-3651 | Cross-Site Scripting vulnerability in Mikeryan Browscap: Cross-site scripting (XSS) vulnerability in the "Monitor browsers" feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | 4.3 |
2009-10-09 | CVE-2009-3650 | Cross-Site Scripting vulnerability in David Strauss DEX 6.X1.0: Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-10-06 | CVE-2009-3568 | Permissions, Privileges, and Access Controls vulnerability in multiple products: Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed. | 5.0 |