2bits: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging.
CVSS Score
4.3
EPSS Score
0.004
Published
2010-03-23
Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors.
CVSS Score
3.5
EPSS Score
0.002
Published
2009-10-26