| Max CVSS | 5.0 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-5022 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
|
22-07-2014 - 19:21 | 22-07-2014 - 14:55 | |
| CVE-2014-5021 | 2.1 |
Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group lab
|
22-07-2014 - 19:10 | 22-07-2014 - 14:55 | |
| CVE-2014-5020 | 4.9 |
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file
|
22-07-2014 - 19:03 | 22-07-2014 - 14:55 | |
| CVE-2014-5019 | 5.0 |
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.
|
22-07-2014 - 19:00 | 22-07-2014 - 14:55 |