Vulnerabilities > Sean Robertson > Crmngp > 6.x.1.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-11-09 | CVE-2009-3920 | Permissions, Privileges, and Access Controls vulnerability in Sean Robertson Crmngp An administration page in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors. | 5.0 |
2009-11-09 | CVE-2009-3919 | Cross-Site Scripting vulnerability in Sean Robertson Crmngp Cross-site scripting (XSS) vulnerability in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information." | 4.3 |