| Max CVSS | 5.1 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-1226 | 4.3 |
Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
|
18-10-2018 - 16:31 | 14-03-2006 - 19:06 | |
| CVE-2006-1228 | 5.1 |
Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier. This vulnerability affects Drupal versions 4.6.x bef
|
18-10-2018 - 16:31 | 14-03-2006 - 19:06 | |
| CVE-2006-1225 | 5.0 |
CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy.
|
18-10-2018 - 16:31 | 14-03-2006 - 19:06 | |
| CVE-2006-1227 | 4.6 |
Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages.
|
18-10-2018 - 16:31 | 14-03-2006 - 19:06 |