Vulnerabilities > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-06-18 | CVE-2015-4139 | Cross-site Scripting vulnerability in WP Smiley Project WP Smiley 1.4.1 Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php. | 3.5 |
2015-06-17 | CVE-2015-4337 | Cross-site Scripting vulnerability in Xcloner 3.1.2 Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php. | 3.5 |
2015-06-16 | CVE-2015-4374 | Cross-site Scripting vulnerability in Webform Project Webform Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name in the recipient (To) address of an email. | 3.5 |
2015-06-16 | CVE-2015-4608 | Cross-site Scripting vulnerability in BE User LOG Project BE User LOG 1.1.1 Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beuserlog) extension 1.1.1 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2015-06-16 | CVE-2015-3010 | Information Exposure vulnerability in Ceph Ceph-Deploy 1.5.22 ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | 2.1 |
2015-06-15 | CVE-2015-4395 | Information Exposure vulnerability in Hybridauth Social Login Project Hybridauth Social Login The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database. | 3.5 |
2015-06-15 | CVE-2015-4392 | Cross-site Scripting vulnerability in Display Suite Project Display Suite 7X2.7 Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings. | 3.5 |
2015-06-15 | CVE-2015-4388 | Cross-site Scripting vulnerability in Current Search Links Project Current Search Links 7.X1.0/7.X1.Xdev Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted search query. | 2.6 |
2015-06-15 | CVE-2015-4387 | Cross-site Scripting vulnerability in Password Policy Project Password Policy Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a crafted username that is imported from an external source. | 2.6 |
2015-06-15 | CVE-2015-4385 | Cross-site Scripting vulnerability in Imagefield Info Project Imagefield Info 7.X1.0/7.X1.1/7.X1.Xdev Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Imagefield Info module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "Administer image styles" permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |