Vulnerabilities > Drupal > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-09-30 | CVE-2009-3479 | Cross-Site Scripting vulnerability in multiple products: Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title. | 4.3 |
2009-09-28 | CVE-2009-3442 | Permissions, Privileges, and Access Controls vulnerability in Ariel Barreiro Meta Tags: The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2009-09-28 | CVE-2009-3437 | Cross-Site Scripting vulnerability in Henriksjokvist Markdown Preview 6.X: Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input." | 4.3 |
2009-09-28 | CVE-2009-3435 | Cross-Site Scripting vulnerability in Moshe Weitzman Devel: Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name. | 4.3 |
2009-09-24 | CVE-2009-3363 | Cross-Site Scripting vulnerability in Ufku Bayburt Bueditor: Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor." | 4.3 |
2009-09-16 | CVE-2009-3207 | Permissions, Privileges, and Access Controls vulnerability in Drewish Imagecache: The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename. | 6.8 |
2009-09-09 | CVE-2009-3122 | Permissions, Privileges, and Access Controls vulnerability in Chris Shattuck Ajaxtable 5.X1.Xdev: The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors. | 6.4 |
2009-09-09 | CVE-2009-3121 | Cross-Site Scripting vulnerability in Chris Shattuck Ajaxtable 5.X1.Xdev: Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-09-01 | CVE-2008-7151 | Cross-Site Request Forgery (CSRF) vulnerability in Gurpartap Singh Live 5.X1.Xdev: Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code. | 6.8 |
2009-09-01 | CVE-2008-7150 | Cross-Site Scripting vulnerability in BER Kessels Refine BY Taxo 5.X1.Xdev: Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which is not properly handled by refine_by_taxo when displaying tags. | 4.3 |