The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL.
CVSS Score
6.4
EPSS Score
0.002
Published
2013-10-09
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-10-09
Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title.
CVSS Score
2.1
EPSS Score
0.002
Published
2013-09-30
The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing.
CVSS Score
5.0
EPSS Score
0.003
Published
2013-09-30
Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors involving the Drupal Form API.
CVSS Score
6.8
EPSS Score
0.002
Published
2013-09-25
Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-09-25
The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors.
CVSS Score
5.8
EPSS Score
0.005
Published
2013-08-28
The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts.
CVSS Score
4.3
EPSS Score
0.006
Published
2013-08-28
The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form.
CVSS Score
7.5
EPSS Score
0.004
Published
2013-08-28
Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
2.1
EPSS Score
0.002
Published
2013-08-28