Vulnerabilities > Karen Stevenson

DATE	CVE	VULNERABILITY TITLE	RISK
2012-09-20	CVE-2012-1626	SQL Injection vulnerability in Karen Stevenson Date SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors. network drupal karen-stevenson CWE-89	6.0
2010-06-21	CVE-2010-2352	Improper Input Validation vulnerability in multiple products The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes. network low complexity karen-stevenson yves-chedemois drupal CWE-20	5.0
2009-08-13	CVE-2008-6972	Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings. network drupal karen-stevenson yves-chedemois CWE-79	3.5

Vulnerabilities > Karen Stevenson {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Karen Stevenson"}]}