Vulnerabilities > Drupal > User Karma Module > 5.x.1.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-02-25 | CVE-2008-6276 | SQL Injection vulnerability in Drupal User Karma Module Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value. | 6.5 |
| 2009-02-25 | CVE-2008-6275 | Cross-Site Scripting vulnerability in Drupal User Karma Module Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages. | 4.3 |