Vulnerabilities > Nancy Wichmann

DATE CVE VULNERABILITY TITLE RISK
2012-10-31 CVE-2012-4500 Permissions, Privileges, and Access Controls vulnerability in Nancy Wichmann Announcements
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact.
3.5
2012-08-14 CVE-2012-2298 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
4.3
2012-07-25 CVE-2012-2302 Information Exposure vulnerability in Nancy Wichmann Sitedoc
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
nancy-wichmann drupal CWE-200
5.0
2012-06-27 CVE-2012-2711 Cross-Site Scripting vulnerability in Nancy Wichmann Taxonomy List
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information.
network
high complexity
nancy-wichmann drupal CWE-79
2.1
2012-05-21 CVE-2012-2339 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."
4.3
2009-12-31 CVE-2009-4524 Cross-Site Scripting vulnerability in Nancy Wichmann Realname 6.X1.0/6.X1.1/6.X1.2
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
4.3