Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2012-5569 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message.
|
15-04-2021 - 16:15 | 03-12-2012 - 21:55 | |
CVE-2012-5539 | 3.5 |
The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is wa
|
06-05-2020 - 12:48 | 03-12-2012 - 21:55 | |
CVE-2012-5556 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unkn
|
26-02-2020 - 17:25 | 03-12-2012 - 21:55 | |
CVE-2012-5542 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane
|
29-08-2017 - 01:32 | 03-12-2012 - 21:55 | |
CVE-2012-5559 | 2.6 |
Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web
|
19-06-2015 - 14:20 | 03-12-2012 - 21:55 | |
CVE-2012-5552 | 5.0 |
The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks."
|
20-07-2013 - 03:33 | 03-12-2012 - 21:55 | |
CVE-2012-5545 | 2.1 |
Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the "administer sharethis" permission to inject arbitrary web script or HTML via unspecified vectors r
|
26-02-2013 - 04:52 | 03-12-2012 - 21:55 | |
CVE-2012-5551 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sa
|
26-02-2013 - 04:52 | 03-12-2012 - 21:55 | |
CVE-2012-5544 | 4.0 |
The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard.
|
17-12-2012 - 05:00 | 03-12-2012 - 21:55 | |
CVE-2012-5550 | 7.5 |
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
04-12-2012 - 18:39 | 03-12-2012 - 21:55 | |
CVE-2012-5549 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
04-12-2012 - 18:38 | 03-12-2012 - 21:55 | |
CVE-2012-5557 | 3.6 |
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated use
|
04-12-2012 - 05:00 | 03-12-2012 - 21:55 | |
CVE-2012-5540 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbitrary web script or HTML via unspecified vectors.
|
04-12-2012 - 05:00 | 03-12-2012 - 21:55 | |
CVE-2012-5554 | 5.0 |
The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms.
|
04-12-2012 - 05:00 | 03-12-2012 - 21:55 | |
CVE-2012-5538 | 2.1 |
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web s
|
04-12-2012 - 05:00 | 03-12-2012 - 21:55 | |
CVE-2012-5547 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (
|
04-12-2012 - 05:00 | 03-12-2012 - 21:55 | |
CVE-2012-5543 | 4.3 |
The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.
|
04-12-2012 - 05:00 | 03-12-2012 - 21:55 | |
CVE-2012-5541 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "data coming from T
|
04-12-2012 - 05:00 | 03-12-2012 - 21:55 | |
CVE-2012-5548 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
04-12-2012 - 05:00 | 03-12-2012 - 21:55 | |
CVE-2012-5537 | 6.0 |
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
|
04-12-2012 - 05:00 | 03-12-2012 - 21:55 | |
CVE-2012-5553 | 2.1 |
Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script
|
04-12-2012 - 05:00 | 03-12-2012 - 21:55 |