Vulnerabilities > Nancy Wichmann
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-10-31 | CVE-2012-4500 | Permissions, Privileges, and Access Controls vulnerability in Nancy Wichmann Announcements The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact. | 3.5 |
| 2012-08-14 | CVE-2012-2298 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks." | 4.3 |
| 2012-07-25 | CVE-2012-2302 | Information Exposure vulnerability in Nancy Wichmann Sitedoc Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2012-06-27 | CVE-2012-2711 | Cross-Site Scripting vulnerability in Nancy Wichmann Taxonomy List Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. | 2.1 |
| 2012-05-21 | CVE-2012-2339 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information." | 4.3 |
| 2009-12-31 | CVE-2009-4524 | Cross-Site Scripting vulnerability in Nancy Wichmann Realname 6.X1.0/6.X1.1/6.X1.2 Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element. | 4.3 |