Vulnerabilities > Drupal > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-18 | CVE-2008-3218 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values. | 4.3 |
| 2008-07-09 | CVE-2008-3096 | Permissions, Privileges, and Access Controls vulnerability in Drupal Outline Designer Module 5 The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges. | 6.5 |
| 2008-07-09 | CVE-2008-3092 | SQL Injection vulnerability in Drupal Taxonomy Autotagger Module 5 SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
| 2008-07-03 | CVE-2008-3000 | Permissions, Privileges, and Access Controls vulnerability in Drupal Aggregation Module The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions. | 6.8 |
| 2008-07-03 | CVE-2008-2998 | Cross-Site Scripting vulnerability in Drupal Aggregation Module Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-06-18 | CVE-2008-2773 | Cross-Site Scripting vulnerability in Drupal Taxonomy Image Module 5/6 Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-06-18 | CVE-2008-2771 | Permissions, Privileges, and Access Controls vulnerability in Drupal and Node Hierarchy Module The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors. | 5.0 |
| 2008-04-27 | CVE-2008-1980 | Cross-Site Scripting vulnerability in Drupal E-Publish Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-04-23 | CVE-2008-1916 | Cross-Site Scripting vulnerability in Drupal Ubercart Module 51.0 Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428. | 4.3 |
| 2008-04-15 | CVE-2008-1794 | Cross-Site Scripting vulnerability in Drupal Webform Module Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |