| Max CVSS | 5.8 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-4376 | 3.5 |
Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecifie
|
13-08-2015 - 18:31 | 15-06-2015 - 14:59 | |
| CVE-2015-4356 | 3.5 |
Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform.
|
30-06-2015 - 14:16 | 15-06-2015 - 14:59 | |
| CVE-2015-4357 | 3.5 |
Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a nod
|
30-06-2015 - 14:15 | 15-06-2015 - 14:59 | |
| CVE-2015-4374 | 3.5 |
Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a com
|
26-06-2015 - 15:56 | 16-06-2015 - 17:59 | |
| CVE-2015-4398 | 5.8 |
Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving
|
25-06-2015 - 16:26 | 16-06-2015 - 17:59 | |
| CVE-2015-4375 | 4.3 |
The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an e
|
16-06-2015 - 17:16 | 15-06-2015 - 14:59 |