Vulnerabilities (CVE)

Filtered by vendor Karen Stevenson Subscribe
Filtered by product Date
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-1626 2 Drupal, Karen Stevenson 2 Drupal, Date 2024-11-21 6.0 MEDIUM N/A
SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3156 2 Drupal, Karen Stevenson 2 Drupal, Date 2024-11-21 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.