| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-6660 | 6.8 |
The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value call
|
24-12-2016 - 02:59 | 24-08-2015 - 14:59 | |
| CVE-2015-6665 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML el
|
24-12-2016 - 02:59 | 24-08-2015 - 14:59 | |
| CVE-2015-6661 | 5.0 |
Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu.
|
24-12-2016 - 02:59 | 24-08-2015 - 14:59 | |
| CVE-2015-6659 | 7.5 |
SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.
|
24-12-2016 - 02:59 | 24-08-2015 - 14:59 | |
| CVE-2015-6658 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files.
|
24-12-2016 - 02:59 | 24-08-2015 - 14:59 |