Vulnerabilities > Kristof DE Jaeger

DATE CVE VULNERABILITY TITLE RISK
2013-06-25 CVE-2013-2177 Cross-Site Scripting vulnerability in Kristof DE Jaeger Display Suite
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label.
4.3
2012-08-14 CVE-2012-2073 Permissions, Privileges, and Access Controls vulnerability in Kristof DE Jaeger Bundle Copy 7.X1.0/7.X1.X
The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.
6.0
2009-12-31 CVE-2009-4520 Permissions, Privileges, and Access Controls vulnerability in Kristof DE Jaeger Commentreference
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.
network
low complexity
kristof-de-jaeger drupal CWE-264
5.0