Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1626 | 2 Drupal, Karen Stevenson | 2 Drupal, Date | 2024-11-21 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2009-3156 | 2 Drupal, Karen Stevenson | 2 Drupal, Date | 2024-11-21 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field. |