Vulnerabilities > Drupal > User Karma Module > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-02-25 CVE-2008-6276 SQL Injection vulnerability in Drupal User Karma Module
Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value.
network
low complexity
drupal joomla CWE-89
6.5
2009-02-25 CVE-2008-6275 Cross-Site Scripting vulnerability in Drupal User Karma Module
Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages.
network
drupal joomla CWE-79
4.3