| Max CVSS | 5.0 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-4498 | 2.1 |
The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authe
|
19-05-2014 - 16:45 | 17-05-2014 - 20:55 | |
| CVE-2013-4502 | 4.0 |
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file.
|
14-05-2014 - 18:34 | 13-05-2014 - 15:55 | |
| CVE-2013-4504 | 2.6 |
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
|
14-05-2014 - 16:57 | 13-05-2014 - 15:55 | |
| CVE-2013-4503 | 2.1 |
Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to options.
|
14-05-2014 - 16:50 | 13-05-2014 - 15:55 | |
| CVE-2013-4501 | 5.0 |
The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified vectors.
|
14-05-2014 - 16:43 | 13-05-2014 - 15:55 | |
| CVE-2013-4500 | 4.9 |
The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the delete option.
|
14-05-2014 - 16:36 | 13-05-2014 - 15:55 |