Vulnerabilities > Drupal > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-20 | CVE-2006-6647 | Cross-Site Scripting vulnerability in Drupal Mysite 4.7/5 Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page. network drupal | 6.8 |
| 2006-12-20 | CVE-2006-6646 | HTML-Injection vulnerability in Drupal Project and Drupal Project Issue Tracking Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function. network drupal | 6.8 |
| 2006-12-14 | CVE-2006-6531 | Cross-Site Scripting vulnerability in Help Tip Module Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles. network drupal | 6.8 |
| 2006-12-08 | CVE-2006-6386 | Cross-Site Scripting vulnerability in Drupal CVS Management/Tracker Motivation Field Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display. network drupal | 6.8 |
| 2006-10-24 | CVE-2006-5475 | Cross-Site Scripting vulnerability in Drupal Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. network drupal | 6.8 |
| 2006-09-23 | CVE-2006-4949 | Cross-Site Scripting vulnerability in Site Profile Directory Module Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters. network drupal | 4.3 |
| 2006-09-23 | CVE-2006-4947 | HTML Injection vulnerability in Drupal Search Keyword Module 1.12/1.13/1.14 Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output." Drupal core is not affected. network drupal | 6.8 |
| 2006-09-15 | CVE-2006-4821 | Cross-Site Scripting vulnerability in Drupal Userreview Module 4.7 Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network drupal | 4.3 |
| 2006-09-08 | CVE-2006-4646 | Cross-Site Scripting vulnerability in Drupal Pathauto Module 4.6/4.7 Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network drupal | 6.8 |
| 2006-08-14 | CVE-2006-4120 | HTML Injection vulnerability in Drupal Recipe Module Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.1 |