Vulnerabilities > Drupal > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-04-06 | CVE-2009-1249 | Cross-Site Scripting vulnerability in Drupal Feedapi Mapper 5.X1.0/5.X1.X | Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map. | 4.3 |
2009-03-26 | CVE-2008-6533 | Cross-Site Scripting vulnerability in Drupal | Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | 4.3 |
2009-03-26 | CVE-2008-6532 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal | Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database. | 6.8 |
2009-03-26 | CVE-2009-1069 | Cross-Site Scripting vulnerability in Drupal Content Construction KIT | Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module. | 4.3 |
2009-03-23 | CVE-2009-1047 | Cross-Site Scripting vulnerability in Drupal and Print | Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail. | 4.3 |
2009-03-20 | CVE-2009-1037 | Remote Security vulnerability in Print | Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API. | 5.0 |
2009-03-20 | CVE-2009-1036 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Plus1 | Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI. | 6.8 |
2009-03-20 | CVE-2009-1035 | Cross-Site Scripting vulnerability in Jake Gordon Tasks 5.X1.0/5.X1.2/5.X2.Xdev | Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS). | 4.3 |
2009-03-06 | CVE-2008-6413 | Cross-Site Scripting vulnerability in Ticklespace Answers Module 5.X1.Xdev | Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question. | 4.3 |
2009-03-02 | CVE-2008-6384 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Comment Mail 5.X0.1/5.X1.0/5.X1.X | Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators. | 6.8 |