Vulnerabilities > Site Documentation Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-06-15 | CVE-2015-4370 | Cross-site Scripting vulnerability in Site Documentation Project Site Documentation Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms. | 3.5 |
| 2008-05-16 | CVE-2008-2271 | Improper Privilege Management vulnerability in Site Documentation Project Site Documentation The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database. | 5.0 |