| Max CVSS | 6.8 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-2341 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files.
|
29-12-2017 - 02:29 | 18-05-2012 - 22:55 | |
| CVE-2012-2339 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."
|
29-08-2017 - 01:31 | 21-05-2012 - 20:55 | |
| CVE-2012-2340 | 3.5 |
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspec
|
28-06-2012 - 03:43 | 21-05-2012 - 20:55 |