Vulnerabilities > Drupal > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-06-16 | CVE-2009-2078 | Cross-Site Scripting vulnerability in Heine.Familiedeelstra Booktree | Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page. | 4.3 |
2009-06-16 | CVE-2009-2077 | Permissions, Privileges, and Access Controls vulnerability in Angrydonuts Views | Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries. | 4.0 |
2009-06-12 | CVE-2009-2035 | Unspecified vulnerability in Drupal Services Module for Drupal 6.X0.12 | Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based access is enabled, allows remote attackers to read or add keys and access unauthorized services via unspecified vectors. | 6.4 |
2009-05-06 | CVE-2009-1576 | Unspecified vulnerability in Drupal | Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. | 4.3 |
2009-05-06 | CVE-2009-1575 | Cross-Site Scripting vulnerability in Drupal | Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7. | 4.3 |
2009-05-01 | CVE-2009-1505 | SQL Injection vulnerability in Drupal News Page 5.X1.1/5.X1.X | SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field. | 6.5 |
2009-05-01 | CVE-2009-1501 | Cross-Site Scripting vulnerability in Exif | Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image. | 4.3 |
2009-04-20 | CVE-2009-1344 | Cross-Site Scripting vulnerability in Drupal Localization Client | Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality. | 4.3 |
2009-04-20 | CVE-2009-1343 | Cross-Site Scripting vulnerability in Drupal Print | Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles. | 4.3 |
2009-04-20 | CVE-2009-1342 | Cross-Site Scripting vulnerability in Drupal CCK Comment Reference 6.X/6.X1.1 | Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form. | 4.3 |