Vulnerabilities > Drupal > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-25 CVE-2011-3373 Cross-site Scripting vulnerability in Drupal Views Bulk Operations
Drupal Views Bulk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used.
network
low complexity
drupal CWE-79
6.1
2019-11-21 CVE-2012-2078 Cross-site Scripting vulnerability in Drupal Activity 6.X-1.X
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.
network
low complexity
drupal CWE-79
4.8
2019-11-21 CVE-2012-1637 Cross-site Scripting vulnerability in Drupal Quick Tabs
Cross-site scripting (XSS) vulnerability in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.
network
low complexity
drupal CWE-79
4.8
2019-11-07 CVE-2010-2473 Improper Input Validation vulnerability in Drupal
Drupal 6.x before 6.16 and 5.x before version 5.22 do not properly block users under certain circumstances.
network
low complexity
drupal CWE-20
6.5
2019-11-07 CVE-2010-2472 Cross-site Scripting vulnerability in Drupal
The Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not properly sanitize the display of language codes and of native and English language names, which could allow an attacker to perform a cross-site scripting (XSS) attack.
network
low complexity
drupal CWE-79
4.8
2019-11-07 CVE-2010-2250 Cross-site Scripting vulnerability in Drupal
Drupal 5.x and 6.x before 6.16 use a user-supplied value in output during site installation, which could allow an attacker to craft a URL and perform a cross-site scripting attack.
network
low complexity
drupal CWE-79
6.1
2019-11-06 CVE-2010-2471 Open Redirect vulnerability in multiple products
Drupal versions 5.x and 6.x have an open redirection vulnerability.
network
low complexity
drupal debian CWE-601
6.1
2019-05-24 CVE-2019-11876 Cross-site Scripting vulnerability in multiple products
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS.
network
low complexity
prestashop drupal CWE-79
6.1
2019-05-16 CVE-2019-10909 Cross-site Scripting vulnerability in multiple products
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included.
network
low complexity
sensiolabs drupal CWE-79
5.4
2019-04-20 CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution.
6.1