Max CVSS | 6.8 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-9503 | 5.5 |
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.
|
27-02-2018 - 18:58 | 01-02-2018 - 17:29 | |
CVE-2014-9502 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu call
|
27-02-2018 - 18:55 | 01-02-2018 - 17:29 | |
CVE-2014-9504 | 5.0 |
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.
|
27-02-2018 - 18:45 | 01-02-2018 - 17:29 | |
CVE-2014-9499 | 3.5 |
Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message.
|
08-09-2017 - 01:29 | 09-01-2015 - 18:59 | |
CVE-2014-9505 | 3.5 |
Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title.
|
08-09-2017 - 01:29 | 09-01-2015 - 18:59 | |
CVE-2014-9500 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback.
|
12-01-2015 - 19:09 | 09-01-2015 - 18:59 | |
CVE-2014-9501 | 3.5 |
Cross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node title.
|
12-01-2015 - 19:09 | 09-01-2015 - 18:59 | |
CVE-2014-9498 | 3.5 |
Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit
|
12-01-2015 - 19:08 | 09-01-2015 - 18:59 |