MidnightBSD

Advisories for karen_stevenson

CVE-2009-3156 LOW

Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
karen_stevenson date 6.x-2.0
karen_stevenson date 6.x-2.0-beta3
karen_stevenson date 6.x-2.0-beta2
karen_stevenson date 6.x-2.2
karen_stevenson date 6.x-2.0-beta4
karen_stevenson date 6.x-2.0-beta
karen_stevenson date 6.x-1.0-beta
karen_stevenson date 6.x-1.x-dev
drupal drupal *
karen_stevenson date 6.x-2.1
CVE-2009-3157 LOW

Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
karen_stevenson calendar 6.x-2.1
karen_stevenson calendar 6.x-2.x-dev
karen_stevenson calendar 6.x-2.0
CVE-2010-2352 MEDIUM

The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
karen_stevenson cck 6.x-2.0
karen_stevenson cck 6.x-2.6
yves_chedemois cck 5.x-1.9
yves_chedemois cck 5.x-1.10
karen_stevenson cck 5.x-1.2
yves_chedemois cck 5.x-1.4
yves_chedemois cck 5.x-1.5
karen_stevenson cck 5.x-1.0
karen_stevenson cck 5.x-1.3
yves_chedemois cck 5.x-1.8
karen_stevenson cck 6.x-2.1
karen_stevenson cck 6.x-2.5
yves_chedemois cck 5.x-1.6
karen_stevenson cck 6.x-2.2
karen_stevenson cck 6.x-2.4
karen_stevenson cck 5.x-1.7
karen_stevenson cck 5.x-1.x
yves_chedemois cck 5.x-1.6-1
karen_stevenson cck 5.x-1.1
karen_stevenson cck 6.x-2.3