Karen Stevenson: >> Date >> 6.x-2.2 Security Vulnerabilities
SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
6.0
EPSS Score
0.006
Published
2012-09-20
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.
CVSS Score
2.1
EPSS Score
0.005
Published
2009-09-10