Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| karen_stevenson | date | 6.x-2.0 |
| karen_stevenson | date | 6.x-2.0-beta3 |
| karen_stevenson | date | 6.x-2.0-beta2 |
| karen_stevenson | date | 6.x-2.2 |
| karen_stevenson | date | 6.x-2.0-beta4 |
| karen_stevenson | date | 6.x-2.0-beta |
| karen_stevenson | date | 6.x-1.0-beta |
| karen_stevenson | date | 6.x-1.x-dev |
| drupal | drupal | * |
| karen_stevenson | date | 6.x-2.1 |
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| karen_stevenson | calendar | 6.x-2.1 |
| karen_stevenson | calendar | 6.x-2.x-dev |
| karen_stevenson | calendar | 6.x-2.0 |
The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| karen_stevenson | cck | 6.x-2.0 |
| karen_stevenson | cck | 6.x-2.6 |
| yves_chedemois | cck | 5.x-1.9 |
| yves_chedemois | cck | 5.x-1.10 |
| karen_stevenson | cck | 5.x-1.2 |
| yves_chedemois | cck | 5.x-1.4 |
| yves_chedemois | cck | 5.x-1.5 |
| karen_stevenson | cck | 5.x-1.0 |
| karen_stevenson | cck | 5.x-1.3 |
| yves_chedemois | cck | 5.x-1.8 |
| karen_stevenson | cck | 6.x-2.1 |
| karen_stevenson | cck | 6.x-2.5 |
| yves_chedemois | cck | 5.x-1.6 |
| karen_stevenson | cck | 6.x-2.2 |
| karen_stevenson | cck | 6.x-2.4 |
| karen_stevenson | cck | 5.x-1.7 |
| karen_stevenson | cck | 5.x-1.x |
| yves_chedemois | cck | 5.x-1.6-1 |
| karen_stevenson | cck | 5.x-1.1 |
| karen_stevenson | cck | 6.x-2.3 |