Vulnerabilities > Drupal > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-25 | CVE-2011-3373 | Cross-site Scripting vulnerability in Drupal Views Bulk Operations: Drupal Views Bulk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. | 6.1 |
2019-11-21 | CVE-2012-2078 | Cross-site Scripting vulnerability in Drupal Activity 6.x-1.x: Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal. | 4.8 |
2019-11-21 | CVE-2012-1637 | Cross-site Scripting vulnerability in Drupal Quick Tabs: Cross-site scripting (XSS) vulnerability in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal. | 4.8 |
2019-11-07 | CVE-2010-2473 | Improper Input Validation vulnerability in Drupal: Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. | 6.5 |
2019-11-07 | CVE-2010-2472 | Cross-site Scripting vulnerability in Drupal: Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not properly sanitize the display of language codes and of native and English language names, which could allow an attacker to perform a cross-site scripting (XSS) attack. | 4.8 |
2019-11-07 | CVE-2010-2250 | Cross-site Scripting vulnerability in Drupal: Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation, which could allow an attacker to craft a URL and perform a cross-site scripting attack. | 6.1 |
2019-11-06 | CVE-2010-2471 | Open Redirect vulnerability in multiple products: Drupal versions 5.x and 6.x have open redirection. | 6.1 |
2019-05-24 | CVE-2019-11876 | Cross-site Scripting vulnerability in multiple products: In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. | 6.1 |
2019-05-16 | CVE-2019-10909 | Cross-site Scripting vulnerability in multiple products: In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. | 5.4 |
2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |